Comment 18 for bug 1282865

Thierry Carrez (ttx) wrote : Re: Keystone middleware may confuse contexts

A few suggestions:

'vulnerability in python-keystoneclient auth_token middleware' -> 'vulnerability in Keystone auth_token middleware (shipped in python-keystoneclient)'

'can' -> 'may in certain situations'

'already uses eventlet to monkey patch "thread"' -> 'already monkey-patches "thread" to use eventlet'

Versions: I would say "all versions up to 0.6.0" -- the middleware was shipped within Keystone before, so the issue didn't start with 0.2.0.

Note that there is no need to backport the patch at all, since there is only one branch in python-keystoneclient. We may have to play tricks if we pinned python-keystoneclient to a certain version in the grizzly gate, though (a bit like the recent python-swiftclient debacle).