Open Stack

Joshua Harlow wrote:
> https://github.com/openstack/nova/tree/master/nova/tests/hyperv/stubs
> 
> There seem to be a bunch of binary serialized objects here that contain
> some secret hidden code used during testing (probably not harmful but
> who am I to say when the contents aren't visible). From a little decode
> script that I wrote to try to see whats going on here
> @ http://paste.ubuntu.com/1411286/ (that’s just a decode of one of those
> files) is it possible that in the future we can not accept such binary
> blobs (even for testing). Not to set off a /panic/, but if binary blobs
> are allowed in, then who is really sure that said blob isn't executing
> some code on my CI machine (or elsewhere) that could be doing malicious
> activities. Without clear-text source files, its pretty hard to say that
> they aren't (yes its just for testing, but that’s besides the point). 

Yes, I was also annoyed by that when I discovered it. It's not that our
sources should absolutely not contain binary files (there are a few
images out there), but the fact that we can't easily regenerate those
binary mock blobs (or check that they are harmless) is quite... disturbing.

> Did anyone besides the committers peek into those files to determine
> what is going on there (reviewers?)?
> 
> It looks like a 'future statement' said that json will go in @
> (https://github.com/openstack/nova/blob/master/nova/tests/hyperv/README.rst),
> but shouldn't that have happened to begin with?

I'd like that to happen ASAP too, but I have no idea how much work is
involved. Let's see what the Hyper-V crew says.

Thanks for raising this, it fell off of my radar.

-- 
Thierry Carrez (ttx)
Release Manager, OpenStack