Matthew Oliver (Swift)
Tomoki Sekiyama (Cinder)
Yamada Hideki (Sheepdog)
Matthew: I believe that Swift could be vulnerable, but only if a deployer used non-recommended, non-default configuration options. (Please confirm/deny.) My primary reason for adding you here is to make sure that the proposed fix won't somehow cause a problem for "normal" Swift deployments.
Tomoki: I believe that a deployer using the Cinder backend who wanted to take advantage of cinder-side quick snapshotting would have to use the same non-default configuration options as the Ceph backend. (1) Would that make Cinder vulnerable to this exploit, and if so, will the proposed fix work for Cinder? (2) Please monitor the proposed fix to make sure it either works for Cinder (if Cinder is vulnerable) or won't cause a problem (if Cinder isn't vulnerable).
Yamada: I don't know anything about the Sheepdog backend, can you indicate whether Sheepdog is vulnerable to this exploit, and if so, whether the proposed fix will work? In either case, please continue to monitor the proposed fix to either make sure it works or make sure it won't cause a regression that breaks the Sheepdog backend.
Adding the remaining driver maintainers:
Matthew Oliver (Swift)
Tomoki Sekiyama (Cinder)
Yamada Hideki (Sheepdog)
Matthew: I believe that Swift could be vulnerable, but only if a deployer used non-recommended, non-default configuration options. (Please confirm/deny.) My primary reason for adding you here is to make sure that the proposed fix won't somehow cause a problem for "normal" Swift deployments.
Tomoki: I believe that a deployer using the Cinder backend who wanted to take advantage of cinder-side quick snapshotting would have to use the same non-default configuration options as the Ceph backend. (1) Would that make Cinder vulnerable to this exploit, and if so, will the proposed fix work for Cinder? (2) Please monitor the proposed fix to make sure it either works for Cinder (if Cinder is vulnerable) or won't cause a problem (if Cinder isn't vulnerable).
Yamada: I don't know anything about the Sheepdog backend, can you indicate whether Sheepdog is vulnerable to this exploit, and if so, whether the proposed fix will work? In either case, please continue to monitor the proposed fix to either make sure it works or make sure it won't cause a regression that breaks the Sheepdog backend.
Thank you!