OpenStack Security Advisories are a channel to notify consumers of the software of vulnerabilities which we have corrected, and to urge them to upgrade to protect their deployments. If the plan instead is to merely provide guidance to operators that they should make configuration changes to secure their deployments, we have a different mechanism for that which we refer to as OpenStack Security Notes (these are considered addenda of the Security Manual essentially). Rule of thumb, any solution which is "default secure" gets an OSSA, solutions requiring setting non-default configuration to mitigate are OSSN.
OpenStack Security Advisories are a channel to notify consumers of the software of vulnerabilities which we have corrected, and to urge them to upgrade to protect their deployments. If the plan instead is to merely provide guidance to operators that they should make configuration changes to secure their deployments, we have a different mechanism for that which we refer to as OpenStack Security Notes (these are considered addenda of the Security Manual essentially). Rule of thumb, any solution which is "default secure" gets an OSSA, solutions requiring setting non-default configuration to mitigate are OSSN.