Comment 7 for bug 1732294

On 11/14/2017 08:52 PM, Tristan Cacqueray wrote:
> Sure, it's better to be safe than sorry.
>
> For the record we do not have (yet) a hard limit on the acceptable
> duration of report embargoes. In the event we open a bug report, it will
> have to go through an embargo-exception first, as explained here:
> https://security.openstack.org/vmt-process.html#embargo-exceptions
>
> Also it's worth noting that vulnerability reporters retain final control
> over the disclosure of their findings. If for some reason they are
> uncomfortable with our process, their choice of disclosure terms
> prevails.
>
> Thanks.
>

Do what you will regarding any embargo.

I posted publicly to netdev at the request of <email address hidden>. Hopefully a fix will get in within the next few weeks.