Comment 14 for bug 1401170

Thierry Carrez (ttx) wrote :

Even if the general type of issue was unfortunately partially disclosed on the ML, I would argue that nobody can guess where a quota is actually missing in such an exploitable fashion... so I would rather keep this embargoed until we make a final decision on it.

Since this is easily exploitable (although there aren't that many Glance public servers), I would prefer we have some workaround that public Glance server operators can opt to deploy before we disclose this. For example, an "optional patch" that an OSSN on the issue could mention.