[Openstack-security] [openstack/nova-specs] SecurityImpact review request change Id2304adeb9490a630e1979bb70037ad8a2656d73

gerrit2 at review.openstack.org gerrit2 at review.openstack.org
Mon Aug 29 15:04:35 UTC 2016


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/357151

Log:
commit f622c492c2c31286788fcd4e0e8ae700181be973
Author: Peter Hamilton <peter.hamilton at jhuapl.edu>
Date:   Thu Aug 18 07:45:50 2016 -0400

    Add support for certificate validation
    
    This spec describes changes to the Cursive library that would
    allow Nova to perform certificate validation when verifying
    Glance image signatures. While image signing ensures that image
    data is obtained unmodified from Glance, it does not prevent
    an attacker from uploading and signing a malicious image. The
    addition of certificate trust store support in Cursive allows
    Nova admins to control which certificates are allowed to sign
    images used on their compute nodes.
    
    This spec describes work related to image verification. For
    more information, see: https://review.openstack.org/#/c/343654
    
    SecurityImpact
    DocImpact
    
    Change-Id: Id2304adeb9490a630e1979bb70037ad8a2656d73





More information about the Openstack-security mailing list