[openstack-dev] [Nova] FFE Request: Encrypt Cinder volumes

John Griffith john.griffith at solidfire.com
Mon Sep 9 19:57:04 UTC 2013


On Mon, Sep 9, 2013 at 1:20 PM, Jarret Raim <jarret.raim at rackspace.com>wrote:

>
>
> On 9/9/13 9:25 AM, "Russell Bryant" <rbryant at redhat.com> wrote:
>
> >On 09/09/2013 04:57 AM, Thierry Carrez wrote:
> >> Russell Bryant wrote:
> >>> I would be good with the exception for this, assuming that:
> >>>
> >>> 1) Those from nova-core that have reviewed the code are still happy
> >>>with
> >>> it and would do a final review to get it merged.
> >>>
> >>> 2) There is general consensus that the simple config based key manager
> >>> (single key) does provide some amount of useful security.  I believe it
> >>> does, just want to make sure we're in agreement on it.  Obviously we
> >>> want to improve this in the future.
> >>
> >> +1
> >>
> >> I think this is sufficiently self-contained that the regression risk is
> >> extremely limited. It's also nice to have a significant hardening
> >> improvement in the Havana featurelist. I would just prefer if it landed
> >> ASAP since I would like as much usage around it as we can get, to make
> >> sure the previous audits didn't miss an obvious bug/security hole in it.
> >>
> >
> >The response seems positive from everyone so far.  I think we should
> >approve this and try to get it merged ASAP (absolutely this week, and
> >hopefully in the first half of the week).
> >
> >ACK on the FFE from me.
>
>
> Me as well for what it's worth. While I understand the concerns around key
> management, Barbican will have our 1.0 release for Havana and it should be
> relatively easy to integrate the proposed patches with Barbican at that
> time. Even so, the current version does offer some security and gives us
> the ability to have the code tested before we introduce another moving
> part.
>
>
> Thanks,
> Jarret Raim
>
>
> _______________________________________________
> OpenStack-dev mailing list
> OpenStack-dev at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>

Fine on the Cinder side for the related components there.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20130909/cf48bcbc/attachment.html>


More information about the OpenStack-dev mailing list