Consensus seems to be that this discussion does not need to continue under embargo. I'm treating it as a class D (potential security hardening opportunity) report, in case the Nova developers are willing to consider accepting a patch to implement some additional validation on the rotation field to reject 0. https://security.openstack.org/vmt-process.html#incident-report-taxonomy
Consensus seems to be that this discussion does not need to continue under embargo. I'm treating it as a class D (potential security hardening opportunity) report, in case the Nova developers are willing to consider accepting a patch to implement some additional validation on the rotation field to reject 0. https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy