Hi, I'd like you to take a look at this patch for potential SecurityImpact. https://review.openstack.org/252462 Log: commit 735542b3ec455ddf76cbbc9e41ffb43b4cd22f51 Author: Brianna Poulos <Brianna.Poulos at jhuapl.edu> Date: Wed Dec 2 10:32:41 2015 -0500 Update Image Signature Verification Spec Per discussion on the mailing list [1] and the related nova specification [2] it has been decided that the signature should be of the image data directly, rather than of the glance MD5 "checksum" hash of the image data. This spec updates the prior approved and implemented Liberty spec with these modifications. [1] http://bit.ly/1Q0M0C7 [2] https://review.openstack.org/#/c/188874/19 DocImpact SecurityImpact Related-Bug: #1516031 Change-Id: Ibc66afbab2ce3192134422740fd6a4379a03305c