On rereading the impact description, I think for clarity we should have something more like:
... When the 'insecure' option is set in a S3Token paste configuration file its value is effectively ignored. Note that it's unusual to explicitly add this option and then set it to false, so the impact of this bug is thought to be limited. ...
On rereading the impact description, I think for clarity we should have something more like:
... When the 'insecure' option is set in a S3Token paste configuration file its value is effectively ignored. Note that it's unusual to explicitly add this option and then set it to false, so the impact of this bug is thought to be limited. ...