incubator-cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Kinsella <...@stratosec.co>
Subject Re: Query regarding where to store encryption keys
Date Wed, 20 Jun 2012 20:09:52 GMT
+1 :)

On Jun 20, 2012, at 12:59 PM, David Nalley wrote:

> On Wed, Jun 20, 2012 at 3:50 PM, Ewan Mellor <Ewan.Mellor@eu.citrix.com> wrote:
>>> -----Original Message-----
>>> From: David Nalley [mailto:david@gnsa.us]
>>> Sent: Wednesday, June 20, 2012 12:32 PM
>>> To: cloudstack-dev@incubator.apache.org
>>> Cc: Kelven Yang; Sateesh Chodapuneedi; Devdeep Singh
>>> Subject: Re: Query regarding where to store encryption keys
>>> 
>>> On Wed, Jun 20, 2012 at 3:15 PM, Vijayendra Bhamidipati
>>> <vijayendra.bhamidipati@citrix.com> wrote:
>>>> Hi Team,
>>>> 
>>>> This is with reference to bug CS-15151
>>> (http://bugs.cloudstack.org/browse/CS-15151). I have some questions and
>>> it would be great if you could share your knowledge and suggestions.
>>>> 
>>> 
>>> 
>>> Why is that bug not publicly visible?
>> 
>> Probably because it's highlighting a potential security hole.  That seems like a
reasonable precaution for the reporter to have taken.
>> 
>> Would you like to handle these some other way?
>> 
>> Ewan.
>> 
> 
> That's a perfectly valid reason to keep it private, - though now the
> content of the bug has been publicly discussed, so one wonders at the
> continued utility of it being private.
> 
> Perhaps it's a good time to segue to discussing how we wish to handle
> security bugs, and get that documented.
> 
> --David

Stratosec - Secure Infrastructure as a Service
o: 415.315.9385
@johnlkinsella


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message