Hi, I'd like you to take a look at this patch for potential SecurityImpact. https://review.openstack.org/252462 Log: commit a76ce8b9ec613c3f0a83ae9d624d8617f51211f2 Author: Brianna Poulos <Brianna.Poulos at jhuapl.edu> Date: Wed Dec 2 10:32:41 2015 -0500 Update Image Signature Verification Spec Per discussion on the mailing list [1] and the related nova specification [2] it has been decided that the signature should be of the image data directly, rather than of the glance MD5 "checksum" hash of the image data. This spec updates the prior approved and implemented Liberty spec with these modifications. [1] http://bit.ly/1Q0M0C7 [2] https://review.openstack.org/#/c/188874/19 DocImpact SecurityImpact Related-Bug: #1516031 Change-Id: Ibc66afbab2ce3192134422740fd6a4379a03305c