[openstack-dev] [Openstack-operators] [nova] Is verification of images in the image cache necessary?
mbooth at redhat.com
Tue May 24 15:02:00 UTC 2016
On Tue, May 24, 2016 at 1:15 PM, Fichter, Dane G. <Dane.Fichter at jhuapl.edu>
> Hi John and Matt,
> I actually have a spec and patch up for review addressing some of what
> you’re referring to below.
> I think you’re quite right that the existing ImageCacheManager code serves
> little purpose. What I propose here is a cryptographically stronger
> verification meant to protect against both deliberate modification by an
> adversary, as well as accidental sources of disk corruption. If you like, I
> can deprecate the checksum-based verification code in the image cache as a
> part of this change. Feel free me to email me back or ping me on IRC
> (dane-fichter) in order to discuss more.
Thanks Dane, reviewed. I don't think the details are right yet, but I do
think this is the way to go. I also think we need to entirely divorce this
functionality from the image cache.
Red Hat Engineering, Virtualisation Team
Phone: +442070094448 (UK)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OpenStack-dev