Comment 30 for bug 1824248

Seems there's support for switching this to public and no real disagreement with my suggestion a month ago to treat this as a security hardening opportunity rather than a vulnerability, so I'll triage it publicly as such now and we can continue to debate/fix without any further embargo.

Treating as a class D report per https://security.openstack.org/vmt-process.html#incident-report-taxonomy .