Open Stack

Here are the results of the survey:

OpenStack Glance specify-an-image-ID-at-image-creation survey

This is a quick survey to find out how many people use the ability to
specify a specific image_id at the time of image creation in Glance.

Note that if you manage multiple clouds, you can fill this out
multiple times with information about each.  We encourage you to do so
to help us get an accurate idea of how widely this feature is used.

Thanks in advance for your help!

This survey closes at 23:59 UTC on Tuesday 3 October 2017.

Responses: 8 (1 response == 12.5%)

Size of deployment (in tenants):
small (1-10): 0%
medium (11-100): 12.5%
large (101-1000): 62.5%
XL (1001+): 25%

As an operator, do you use the functionality that allows you to set an
image to a specific image_id upon image creation?
yes: 12.5%
no: 87.5%

Do you know if your end users use this functionality?
yes: 12.5%
no: 50%
don't know: 37.5%

Are you aware of OSSN-0075, that explains how this functionality is a
security problem?
Yes, I already knew about it: 50%
No, I wasn't aware (but I am now!): 50%

If a policy were introduced to govern this functionality, what would you do?
Leave the policy unrestricted, I don't need to purge my database: 0%
Leave the policy unrestricted, I can trust my users not to try the
OSSN-0075 exploit: 0%
Leave the policy unrestricted because my users rely on this functionality: 0%
Restrict usage to admin users only: 12.5%
Restrict usage to admin users and other specific trusted users: 50%
Restrict usage completely (allow none), we don't need this functionality: 37.5%

Does it bother you that if a policy were introduced to govern this
functionality, it could present an interoperability problem?
It bothers me, but I don't think this is a widely-used functionality,
so it's OK: 12.5%
It bothers me, but security trumps interoperability in this case, so
it's OK: 75%
It bothers me enough that I'd prefer that this not be fixed by
introducing a policy, even if that means not fixing it at all: 0%
It bothers me enough that I'd prefer this be fixed by disallowing the
functionality completely so that it could not be used by any user
(even an admin) in any cloud: 12.5%

-- end --


On Thu, Sep 28, 2017 at 6:48 PM, Brian Rosmaita
<rosmaita.fossdev at gmail.com> wrote:
> The Glance spec freeze is coming up soon and we could use operator
> input on a proposal to govern a currently unrestricted functionality
> by policy.  The survey is 6 multiple choice questions and closes at
> 23:59 UTC on Tuesday 3 October 2017, so please fill it out right away.
>
> The purpose of the survey is to gather data concerning how many people
> use the ability to specify a specific image_id at the time of image
> creation in Glance -- so even if you've never heard of this
> functionality (and hence have never used it), it would be helpful for
> you to fill out the survey because you will give us a data point.
>
> https://goo.gl/forms/1dATtCW6V0xExRc22
>
> Thanks for your help!
> The Glance Team