[glance][interop] standardized image "name" ?
zigo at debian.org
Sat Apr 13 22:53:47 UTC 2019
On 4/12/19 8:06 PM, Jeremy Stanley wrote:
> On 2019-04-12 09:27:35 -0500 (-0500), Sean McGinnis wrote:
>> Hmm, according to the spec, Nova verifies those checksums as of Mitaka .
>> Though Cinder did not get the same enforcement until Rocky .
>>  https://specs.openstack.org/openstack/nova-specs/specs/mitaka/implemented/image-verification.html
>>  https://specs.openstack.org/openstack/cinder-specs/specs/rocky/support-image-signature-verification.html
>> (And specs are always 100% accurate, right?)
> Neat, I had no idea that had improved in the past few years. At any
> rate, my main point still stands: if you don't trust the operators
> of that environment then the checksums are pure theater, since they
> could disable checksum validation or even just serve you a
> completely fictional hash from the catalog.
If you believe your host is capable of such things, you probably should
go somewhere else.
Thomas Goirand (zigo)
More information about the openstack-discuss