cloudstack-dev mailing list archives

From John Kinsella <...@stratosec.co>
Subject Re: Query regarding where to store encryption keys
Date Wed, 20 Jun 2012 20:21:17 GMT
Happy to - Give me a day or so and I'll put a draft up in the wiki.

John

On Jun 20, 2012, at 1:16 PM, Ewan Mellor wrote:

> John, you just volunteered to run the CloudStack security team.  Congratulations!
> 
> Seriously though, would you like to start with a proposal for how we should handle these things?
> 
> Ewan.
> 
>> -----Original Message-----
>> From: John Kinsella [mailto:jlk@stratosec.co]
>> Sent: Wednesday, June 20, 2012 1:10 PM
>> To: cloudstack-dev@incubator.apache.org
>> Subject: Re: Query regarding where to store encryption keys
>> 
>> +1 :)
>> 
>> On Jun 20, 2012, at 12:59 PM, David Nalley wrote:
>> 
>>> On Wed, Jun 20, 2012 at 3:50 PM, Ewan Mellor <Ewan.Mellor@eu.citrix.com> wrote:
>>>>> -----Original Message-----
>>>>> From: David Nalley [mailto:david@gnsa.us]
>>>>> Sent: Wednesday, June 20, 2012 12:32 PM
>>>>> To: cloudstack-dev@incubator.apache.org
>>>>> Cc: Kelven Yang; Sateesh Chodapuneedi; Devdeep Singh
>>>>> Subject: Re: Query regarding where to store encryption keys
>>>>> 
>>>>> On Wed, Jun 20, 2012 at 3:15 PM, Vijayendra Bhamidipati
>>>>> <vijayendra.bhamidipati@citrix.com> wrote:
>>>>>> Hi Team,
>>>>>> 
>>>>>> This is with reference to bug CS-15151 (http://bugs.cloudstack.org/browse/CS-15151). I have some questions and it would be great if you could share your knowledge and suggestions.
>>>>>> 
>>>>> 
>>>>> 
>>>>> Why is that bug not publicly visible?
>>>> 
>>>> Probably because it's highlighting a potential security hole.  That seems like a reasonable precaution for the reporter to have taken.
>>>> 
>>>> Would you like to handle these some other way?
>>>> 
>>>> Ewan.
>>>> 
>>> 
>>> That's a perfectly valid reason to keep it private, though now the
>>> content of the bug has been publicly discussed, so one wonders at the
>>> continued utility of it being private.
>>> 
>>> Perhaps it's a good time to segue to discussing how we wish to handle
>>> security bugs, and get that documented.
>>> 
>>> --David
>> 
>> Stratosec - Secure Infrastructure as a Service
>> o: 415.315.9385
>> @johnlkinsella
> 

Stratosec - Secure Infrastructure as a Service
o: 415.315.9385
@johnlkinsella

