[glance][interop] standardized image "name" ?

Jeremy Stanley fungi at yuggoth.org
Fri Apr 12 18:06:41 UTC 2019

On 2019-04-12 09:27:35 -0500 (-0500), Sean McGinnis wrote:
> Hmm, according to the spec, Nova verifies those checksums as of Mitaka [0].
> Though Cinder did not get the same enforcement until Rocky [1].
> [0] https://specs.openstack.org/openstack/nova-specs/specs/mitaka/implemented/image-verification.html
> [1] https://specs.openstack.org/openstack/cinder-specs/specs/rocky/support-image-signature-verification.html
> (And specs are always 100% accurate, right?)

Neat, I had no idea that had improved in the past few years. At any
rate, my main point still stands: if you don't trust the operators
of that environment then the checksums are pure theater, since they
could disable checksum validation or even just serve you a
completely fictional hash from the catalog.
Jeremy Stanley
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 963 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-discuss/attachments/20190412/54ef5c82/attachment.sig>

More information about the openstack-discuss mailing list