Happy to - Give me a day or so and I'll put a draft up in the wiki.

John

On Jun 20, 2012, at 1:16 PM, Ewan Mellor wrote:

> John, you just volunteered to run the CloudStack security team.
> Congratulations!
>
> Seriously though, would you like to start with a proposal for how we should
> handle these things?
>
> Ewan.
>
>> -----Original Message-----
>> From: John Kinsella [mailto:j...@stratosec.co]
>> Sent: Wednesday, June 20, 2012 1:10 PM
>> To: cloudstack-dev@incubator.apache.org
>> Subject: Re: Query regarding where to store encryption keys
>>
>> +1 :)
>>
>> On Jun 20, 2012, at 12:59 PM, David Nalley wrote:
>>
>>> On Wed, Jun 20, 2012 at 3:50 PM, Ewan Mellor <ewan.mel...@eu.citrix.com> wrote:
>>>>> -----Original Message-----
>>>>> From: David Nalley [mailto:da...@gnsa.us]
>>>>> Sent: Wednesday, June 20, 2012 12:32 PM
>>>>> To: cloudstack-dev@incubator.apache.org
>>>>> Cc: Kelven Yang; Sateesh Chodapuneedi; Devdeep Singh
>>>>> Subject: Re: Query regarding where to store encryption keys
>>>>>
>>>>> On Wed, Jun 20, 2012 at 3:15 PM, Vijayendra Bhamidipati
>>>>> <vijayendra.bhamidip...@citrix.com> wrote:
>>>>>> Hi Team,
>>>>>>
>>>>>> This is with reference to bug CS-15151
>>>>>> (http://bugs.cloudstack.org/browse/CS-15151). I have some questions and
>>>>>> it would be great if you could share your knowledge and suggestions.
>>>>>>
>>>>>
>>>>>
>>>>> Why is that bug not publicly visible?
>>>>
>>>> Probably because it's highlighting a potential security hole. That
>>>> seems like a reasonable precaution for the reporter to have taken.
>>>>
>>>> Would you like to handle these some other way?
>>>>
>>>> Ewan.
>>>>
>>>
>>> That's a perfectly valid reason to keep it private, - though now the
>>> content of the bug has been publicly discussed, so one wonders at the
>>> continued utility of it being private.
>>>
>>> Perhaps it's a good time to segue to discussing how we wish to handle
>>> security bugs, and get that documented.
>>>
>>> --David
>>
>> Stratosec - Secure Infrastructure as a Service
>> o: 415.315.9385
>> @johnlkinsella
>

Stratosec - Secure Infrastructure as a Service
o: 415.315.9385
@johnlkinsella