[openstack-dev] Hyperv test blobs?
Joshua Harlow
harlowja at yahoo-inc.com
Wed Dec 5 21:43:04 UTC 2012
Ya, there seems to have been many commits.
I didn't raise it to strongly but in
https://review.openstack.org/#/c/15743/ I never quite got a response.
On 12/5/12 4:14 AM, "Sean Dague" <sdague at linux.vnet.ibm.com> wrote:
>On 12/04/2012 05:25 PM, Joshua Harlow wrote:
>> Hi all,
>>
>> I was just looking into some of the tests and came across some hyperv
>> stuff that I don't understand.
>>
>> Possibly somehow can help me understand whats happening here.
>>
>> https://github.com/openstack/nova/tree/master/nova/tests/hyperv/stubs
>>
>> There seem to be a bunch of binary serialized objects here that contain
>> some secret hidden code used during testing (probably not harmful but
>> who am I to say when the contents aren't visible). From a little decode
>> script that I wrote to try to see whats going on here @
>> http://paste.ubuntu.com/1411286/ (that¹s just a decode of one of those
>> files) is it possible that in the future we can not accept such binary
>> blobs (even for testing). Not to set off a /panic/, but if binary blobs
>> are allowed in, then who is really sure that said blob isn't executing
>> some code on my CI machine (or elsewhere) that could be doing malicious
>> activities. Without clear-text source files, its pretty hard to say that
>> they aren't (yes its just for testing, but that¹s besides the point).
>>
>> Did anyone besides the committers peek into those files to determine
>> what is going on there (reviewers?)?
>>
>> It looks like a 'future statement' said that json will go in @
>>
>>(https://github.com/openstack/nova/blob/master/nova/tests/hyperv/README.r
>>st),
>> but shouldn't that have happened to begin with?
>>
>> Crappy decoder script @ http://paste.ubuntu.com/1411300/
>>
>> Thoughts welcome.
>
>I agree with you. The last nova meeting actually had the hyperv driver
>as a topic for 30 minutes because of this issue -
>http://eavesdrop.openstack.org/meetings/nova/2012/nova.2012-11-29-21.01.ht
>ml
>
>I'd be fine saying that new hyper-v patches are blocked until this is
>fixed, but that didn't seem to be the general feeling on things.
>
>It's also incredibly helpful if others raise the issues in the review
>queue as well - https://review.openstack.org/#/c/16843/. You don't need
>-2 powers to raise concerns.
>
> -Sean
>
>--
>Sean Dague
>IBM Linux Technology Center
>email: sdague at linux.vnet.ibm.com
>alt-email: sldague at us.ibm.com
>
>
>_______________________________________________
>OpenStack-dev mailing list
>OpenStack-dev at lists.openstack.org
>http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
More information about the OpenStack-dev
mailing list