First, we need to be clear that if the rbd_keyring_conf option is NOT used (which is the standard deployment scenario), this vulnerability does not arise.
Second, my proposal for fixing this is:
(1) Deprecate the option now (in Ussuri) for removal in V.
(2) Issue the OSSA explaining the problem and explaining that the mitigation is to not use the rbd_keyring_conf option.
First, we need to be clear that if the rbd_keyring_conf option is NOT used (which is the standard deployment scenario), this vulnerability does not arise.
Second, my proposal for fixing this is:
(1) Deprecate the option now (in Ussuri) for removal in V.
(2) Issue the OSSA explaining the problem and explaining that the mitigation is to not use the rbd_keyring_conf option.