(In reply to Malte Kraus from comment #3) > Well, some life signs in bsc#1163170 would be good. OK, I just updated bsc#1163170 > I suppose I can expedite the whitelisting though, since the current state is > in a bunch of products anyway. It seems to me that: (1) the possible security issue described in bsc#1163170 has been there for a long time and it's not really clear that it's exploitable (2) it would make sense to whitelist now, so as not to block downstream Ceph development while the security implications of bsc#1163170 are being hashed out.