Comment 6 for bug 1902917

This report is now being tracked in public, so it can be discussed in public meetings and on mailing lists, and changes related to it can be pushed to normal code review (ideally referencing this bug number).

Pending further confirmation, this sounds likely to be a class A report per our taxonomy (and so would be covered in a security advisory similar to OSSA-2016-009/CVE-2015-8914): https://security.openstack.org/vmt-process.html#incident-report-taxonomy