[glance][interop] standardized image "name" ?

Thomas Goirand zigo at debian.org
Sat Apr 13 22:53:47 UTC 2019

On 4/12/19 8:06 PM, Jeremy Stanley wrote:
> On 2019-04-12 09:27:35 -0500 (-0500), Sean McGinnis wrote:
> [...]
>> Hmm, according to the spec, Nova verifies those checksums as of Mitaka [0].
>> Though Cinder did not get the same enforcement until Rocky [1].
>> [0] https://specs.openstack.org/openstack/nova-specs/specs/mitaka/implemented/image-verification.html
>> [1] https://specs.openstack.org/openstack/cinder-specs/specs/rocky/support-image-signature-verification.html
>> (And specs are always 100% accurate, right?)
> Neat, I had no idea that had improved in the past few years. At any
> rate, my main point still stands: if you don't trust the operators
> of that environment then the checksums are pure theater, since they
> could disable checksum validation or even just serve you a
> completely fictional hash from the catalog.

If you believe your host is capable of such things, you probably should
go somewhere else.


Thomas Goirand (zigo)

More information about the openstack-discuss mailing list