Thanks for the feedback everyone, I've switched this to a regular public bug and set the security advisory task to won't fix, treating it as a class D report (hardening opportunity) per the OpenStack VMT's report taxonomy: https://security.openstack.org/vmt-process.html#incident-report-taxonomy
Thanks for the feedback everyone, I've switched this to a regular public bug and set the security advisory task to won't fix, treating it as a class D report (hardening opportunity) per the OpenStack VMT's report taxonomy: https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy