Given that the proposed fix seems like it's taking a non-backportable route, I'm going to mark the security advisory task as won't fix citing report class B1 or maybe C2 per the OpenStack VMT's report taxonomy: https://security.openstack.org/vmt-process.html#incident-report-taxonomy (which class it is depends on whether you view the cinder patch as a vulnerability fix or merely a workaround for a vulnerability in the vendor's device).
Given that the proposed fix seems like it's taking a non-backportable route, I'm going to mark the security advisory task as won't fix citing report class B1 or maybe C2 per the OpenStack VMT's report taxonomy: https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy (which class it is depends on whether you view the cinder patch as a vulnerability fix or merely a workaround for a vulnerability in the vendor's device).