+1 :) On Jun 20, 2012, at 12:59 PM, David Nalley wrote:
> On Wed, Jun 20, 2012 at 3:50 PM, Ewan Mellor <ewan.mel...@eu.citrix.com> > wrote: >>> -----Original Message----- >>> From: David Nalley [mailto:da...@gnsa.us] >>> Sent: Wednesday, June 20, 2012 12:32 PM >>> To: cloudstack-dev@incubator.apache.org >>> Cc: Kelven Yang; Sateesh Chodapuneedi; Devdeep Singh >>> Subject: Re: Query regarding where to store encryption keys >>> >>> On Wed, Jun 20, 2012 at 3:15 PM, Vijayendra Bhamidipati >>> <vijayendra.bhamidip...@citrix.com> wrote: >>>> Hi Team, >>>> >>>> This is with reference to bug CS-15151 >>> (http://bugs.cloudstack.org/browse/CS-15151). I have some questions and >>> it would be great if you could share your knowledge and suggestions. >>>> >>> >>> >>> Why is that bug not publicly visible? >> >> Probably because it's highlighting a potential security hole. That seems >> like a reasonable precaution for the reporter to have taken. >> >> Would you like to handle these some other way? >> >> Ewan. >> > > That's a perfectly valid reason to keep it private, - though now the > content of the bug has been publicly discussed, so one wonders at the > continued utility of it being private. > > Perhaps it's a good time to segue to discussing how we wish to handle > security bugs, and get that documented. > > --David Stratosec - Secure Infrastructure as a Service o: 415.315.9385 @johnlkinsella
