Hi, I have a question in regards to Openstack Glance and if I got it right this can be a place to ask, if I am wrong please kindly point me in the right direction. When you enable Image Signing and Certificate Validation in nova.conf: [glance] verify_glance_signatures = True enable_certificate_validation = True Will this stop users from uploading unsigned images or using unsigned images to spin up instances? Intuitively I feel that it will enforce checks only if the signature property exists, but what if it doesn't? Does it control in any way unsigned images? Does it stop users from uploading or using anything unsigned? Would an image without the signing properties just be rejected? If this feature doesn't stop the use of unsigned images as a security control what is the logic behind it then? Is this meant not to stop users from using unsigned images but such that people who do use signed images have verification for their code? So if the goal is to stop people from using random images and image signing and validation is not the answer what would be? Kind Regards, S. Andronic