Comment 15 for bug 1592000

Armando Migliaccio (armando-migliaccio) wrote :

After going through this report once again, Ihar's comments really resonate with me. If we go back and revisit this in the context of security groups, this may indeed be problematic. Even if we involved operators for feedback, the reality is that the default security group for Neutron has historically contained a specific set of rules; if we now allow the admin to change this, the aware user must discover the new rules by poking their default security group; the unaware one may unwillingly be exposed to a more lax set of rules.

If we deferred this use case scenario to FWaaS, I imagine that at least the unaware user would not get caught in the potential security hole as FWaaS cannot make security groups less restrictive.