[Openstack-operators] [Glance] [glance_store] Feedback requested from users of the HTTP Store

Flavio Percoco flavio at redhat.com
Fri Jun 12 08:21:45 UTC 2015


On 12/06/15 02:31 +0000, Ian Cordasco wrote:
>Hey all,
>
>For the Liberty development cycle, I've proposed a specification for a
>refactor of Glance's HTTP Store - https://review.openstack.org/#/c/189537/.
>
>In short, currently Glance's HTTP Store driver does not verify HTTPS
>connections. This allows for a couple of attacks of varying severity. We
>had a short discussion in our meeting yesterday
>(http://eavesdrop.openstack.org/meetings/glance/2015/glance.2015-06-11-14.00.log.html) and one person suggested that the new configuration options
>being proposed should default to insecure. If we decide to make them
>insecure as a default this will make upgrades much easier on operators but
>will mean that protection against the attacks described will be opt-in, at
>least for one cycle.
>
>So, I'm asking for your feedback because this is really intended to
>benefit you.
>
>Are you using the HTTP store?
>
>Are you serving your images over HTTPS?
>
>Would you be in favor of turning HTTPS verification on by default? Why or
>why not?

Can we just add it as insecure for a couple of releases (or just one)
w/ a warning saying that it'll be changed to secure?

This won't take that much work out of OPs since it'll be required to
update the config anyway but at least it'll give enough time and it'll
allow for gradual updates.

Thanks for working on this, Ian.
Flavio

-- 
@flaper87
Flavio Percoco
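Added illustration, not code from glance_store or from either poster: a sketch of what the transition Flavio describes looks like in practice. An HTTPS fetch whose verification option, when left unset, keeps the current non-verifying behaviour for one cycle but warns that the default flips next cycle; an operator who sets the option explicitly gets that choice silently. The option names https_insecure and https_ca_certificates_file, the config dict, and the warning class are assumptions for this example, not the names from the spec.

```python
"""Added example: HTTPS verification with a one-cycle insecure default.

Not glance_store code. Option names (https_insecure,
https_ca_certificates_file) and the plain-dict config are assumptions.
"""
import ssl
import urllib.request
import warnings


class InsecureDefaultWarning(FutureWarning):
    """Emitted when the operator has not chosen a verification mode."""


def effective_insecure(conf):
    """Return True if certificate verification should be skipped.

    Transition rule: an unset https_insecure means 'do not verify' (existing
    deployments keep working) but warns that the default becomes 'verify'
    next cycle.  An explicit True/False is honoured without a warning.
    """
    value = conf.get("https_insecure")
    if value is None:
        warnings.warn(
            "https_insecure is not set; defaulting to no certificate "
            "verification for this release. The default becomes 'verify' "
            "next cycle; set https_insecure explicitly to silence this.",
            InsecureDefaultWarning, stacklevel=2)
        return True
    return bool(value)


def build_ssl_context(conf):
    """Build the TLS client context that implements the configured policy."""
    if effective_insecure(conf):
        # Current behaviour: no chain validation, no hostname check.
        # check_hostname must be cleared before verify_mode can be CERT_NONE.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    # Verifying path: CERT_REQUIRED + hostname check, trusting the system
    # store or the operator-supplied CA bundle (e.g. an internal CA).
    return ssl.create_default_context(
        cafile=conf.get("https_ca_certificates_file"))


def open_image(url, conf, timeout=30):
    """Open an image URL from the backend with the configured TLS policy."""
    ctx = None
    if url.lower().startswith("https://"):
        ctx = build_ssl_context(conf)
    return urllib.request.urlopen(url, timeout=timeout, context=ctx)


def describe_policy(conf):
    """Summarise the effective policy for a config; useful for a config check tool."""
    with warnings.catch_warnings(record=True) as caught:
        warnings.simplefilter("always")
        ctx = build_ssl_context(conf)
    return {
        "verifies": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": bool(ctx.check_hostname),
        "warned": any(issubclass(w.category, InsecureDefaultWarning)
                      for w in caught),
    }


if __name__ == "__main__":
    for sample in ({}, {"https_insecure": False}, {"https_insecure": True}):
        print(sample, "->", describe_policy(sample))
```

The point of describe_policy is that an operator can see, before upgrading, which of the three states a given config lands in: unset (insecure plus warning), explicitly insecure, or verifying. Flipping the transition to "secure by default" later is a one-line change in effective_insecure.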