Comment 4 for bug 1226078

Mark Washenberger (markwash) wrote :

I think this bug has been well understood for some time.

We however could not *fix* it without breaking backwards compatibility in v1. Hence, we held off on memberships in v2.0, and then only added them in v2.1 when we were sure that we could prevent this kind of griefing/spamming.

In v2.1+, when you add a tenant id as a member to an image, the membership starts out in the "pending" state. "Pending" memberships can be viewed by users in that tenant by querying specifically for "membership-status=pending", however, they must be "accepted" before they show up in the default listing. This puts in place a two step solution that IMO generally resolves the security issue.

In addition, it is possible for deployers to limit image sharing to specific roles, in case more control is required.

So I'm not sure if this bug is "invalid", "fix released", or "wontfix" at this point.
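As an added illustrative model, not Glance's own code, of the v2.1 workflow this comment describes: a membership starts pending, shows up in the default listing only after the member tenant accepts it, and a deployer can limit who may share by role. The class and method names, the `image_sharer` role and the tenant ids are constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class Image:
    image_id: str
    owner: str
    members: dict = field(default_factory=dict)  # tenant_id -> "pending" | "accepted" | "rejected"

class ImageService:
    def __init__(self, sharing_roles=None):
        # Hypothetical deployer knob: when set, only actors holding one of these
        # roles may share images (the "specific roles" limit in the comment).
        self.sharing_roles = set(sharing_roles) if sharing_roles else None
        self.images = {}

    def create(self, image_id, owner):
        self.images[image_id] = Image(image_id, owner)

    def add_member(self, image_id, actor, actor_roles, member):
        img = self.images[image_id]
        if img.owner != actor:
            raise PermissionError("only the image owner may add members")
        if self.sharing_roles is not None and not self.sharing_roles & set(actor_roles):
            raise PermissionError("sharing restricted to roles %s" % sorted(self.sharing_roles))
        # New memberships always start pending: the recipient has not consented,
        # so an unsolicited share cannot pollute its default listing.
        img.members[member] = "pending"

    def set_member_status(self, image_id, actor, member, status):
        # Only the receiving tenant may accept or reject a share aimed at it.
        if actor != member:
            raise PermissionError("only the member tenant may change its own status")
        self.images[image_id].members[member] = status

    def list_images(self, tenant, membership_status="accepted"):
        # Default listing: owned images plus accepted shares. Pending shares show
        # up only when the caller asks for membership_status="pending".
        return sorted(img.image_id for img in self.images.values()
                      if img.owner == tenant or img.members.get(tenant) == membership_status)

def demo():
    svc = ImageService(sharing_roles={"image_sharer"})
    svc.create("img-1", owner="tenant-a")
    svc.add_member("img-1", "tenant-a", ["image_sharer"], "tenant-b")
    before = svc.list_images("tenant-b")              # unsolicited share is hidden
    pending = svc.list_images("tenant-b", "pending")  # visible only on explicit query
    svc.set_member_status("img-1", "tenant-b", "tenant-b", "accepted")
    return before, pending, svc.list_images("tenant-b")
```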