> Also, as openstack/os-vif is not tagged vulnerability:managed in governance and the Nova bugtask was invalidated, I'm marking our Advisory task Won't Fix but am still happy to assist the maintainers with any advisory they consider relevant.
Based on what mnaser said in #openstack-nova today [1], this bug involves VMs being able to see other VMs network traffic, which is a serious security issue worthy of an advisory for operators, IMHO. Does anyone else agree?
And if I'm not missing something about the severity of this issue, should openstack/os-vif be tagged vulnerability:managed, to ensure we get proper security handling of bugs in the future?
> Also, as openstack/os-vif is not tagged vulnerability: managed in governance and the Nova bugtask was invalidated, I'm marking our Advisory task Won't Fix but am still happy to assist the maintainers with any advisory they consider relevant.
Based on what mnaser said in #openstack-nova today [1], this bug involves VMs being able to see other VMs network traffic, which is a serious security issue worthy of an advisory for operators, IMHO. Does anyone else agree?
And if I'm not missing something about the severity of this issue, should openstack/os-vif be tagged vulnerability: managed, to ensure we get proper security handling of bugs in the future?
[1] http:// eavesdrop. openstack. org/irclogs/ %23openstack- nova/%23opensta ck-nova. 2019-08- 22.log. html#t2019- 08-22T19: 48:38