[openstack-dev] [glance] security and swift multi-tenant fixes on stable branch

stuart.mclaren at hp.com
Fri Nov 14 11:25:51 UTC 2014


>>On 2014-11-13 18:28:14 +0100 (+0100), Ihar Hrachyshka wrote:
>>[...]
>> I think those who maintain glance_store module in downstream
>> distributions will cherry-pick the security fix into their
>> packages, so there is nothing to do in terms of stable branches to
>> handle the security issue.
>>[...]

>As a counterargument, some Oslo libs have grown stable branches for
>security backports and cut corresponding point releases on an
>as-needed basis so as to avoid introducing new features in stable
>server deployments.
>-- 
>Jeremy Stanley

The current glance stable/juno requirement for glance_store is >= 0.1.1.

If you run stable/juno against glance_store 0.1.1 and try
to create an image, you get (multi-tenant store):

$ glance image-create --name image1 --container-format bare --disk-format raw
<html>
  <head>
   <title>410 Gone</title>
  </head>
  <body>
   <h1>410 Gone</h1>
   Error in store configuration. Adding images to store is disabled.<br /><br />
  </body>
</html> (HTTP N/A)

With the latest (0.1.9) glance_store, you get:

$ glance image-create --name image1 --container-format bare --disk-format raw
<html>
  <head>
   <title>500 Internal Server Error</title>
  </head>
  <body>
   <h1>500 Internal Server Error</h1>
   Failed to upload image 702d5865-8925-4d0d-b52c-c93833dc5eaa<br /><br />
  </body>
</html> (HTTP 500)

Before glance_store was separated out, it would have been straightforward
to backport the relevant fixes to Glance's tightly coupled in-tree store code.

I'm neutral on the mechanics, but I think we need to get to a point where,
if someone is running stable/juno and has a version of glance_store which
satisfies what's specified in requirements.txt, they should have secure,
working code.

-Stuart
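The trap described in the message above, a requirements.txt floor (>= 0.1.1) that a broken glance_store release still satisfies, as an added example; this is not code from glance, glance_store or the OpenStack requirements tooling. It parses a pip-style requirement line, checks an installed version against it, reports whether the requirement's lower bound still admits releases older than a given first-fixed release, and rewrites the lower bound so it no longer does. The version numbers 0.1.1 and 0.1.9 come from the message; 0.1.10 used as the "first fixed" release is a hypothetical placeholder, since the message does not identify a release that carries the fix (it shows 0.1.9 still failing).

```python
"""Audit a pip-style requirement line against the installed version and a
known-fixed release.

Added illustration, not code from glance, glance_store or the OpenStack
requirements tooling.  Handles the operators >=, >, <=, <, == and != on
plain dotted numeric versions (no pre-release or local version tags).
"""
import operator
import re

_OPS = {
    ">=": operator.ge, ">": operator.gt, "<=": operator.le,
    "<": operator.lt, "==": operator.eq, "!=": operator.ne,
}
# Two-character operators listed first so ">=" is not read as ">" then "=".
_CLAUSE = re.compile(r"^\s*(>=|<=|==|!=|>|<)\s*([0-9][0-9.]*)\s*$")
_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9_.-]*)\s*(.*)$")


def parse_version(text):
    """'0.1.9' -> (0, 1, 9).  Trailing zero components are dropped so that
    '1.0' and '1' compare equal, as pip treats them."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def format_version(parts):
    return ".".join(str(p) for p in parts)


def parse_requirement(line):
    """'glance_store>=0.1.1,<0.2' -> ('glance_store', [('>=', (0,1,1)), ('<', (0,2))])"""
    line = line.split("#", 1)[0].strip()  # drop a trailing comment
    m = _REQ.match(line)
    if not m:
        raise ValueError("unparsable requirement: %r" % line)
    name, spec = m.groups()
    clauses = []
    for chunk in spec.split(","):
        if not chunk.strip():
            continue
        cm = _CLAUSE.match(chunk)
        if not cm:
            raise ValueError("unsupported version clause: %r" % chunk)
        clauses.append((cm.group(1), parse_version(cm.group(2))))
    return name, clauses


def satisfies(version, clauses):
    """True if a version (string or tuple) meets every clause."""
    v = parse_version(version) if isinstance(version, str) else version
    return all(_OPS[op](v, bound) for op, bound in clauses)


def lowest_admitted(clauses):
    """Smallest version the clauses accept, ignoring holes punched by '!='.
    An exclusive lower bound is nudged up by one extra component
    (>0.1.1 -> 0.1.1.1), the smallest version that is still above it."""
    candidates = [(0,)]
    for op, bound in clauses:
        if op in (">=", "=="):
            candidates.append(bound)
        elif op == ">":
            candidates.append(bound + (1,))
    return max(candidates)


def audit(requirement_line, installed_version, first_fixed_version):
    """Report whether the installed version passes the requirement, whether
    it carries the fix, and whether the requirement's floor still admits
    releases older than the first fixed one (the stable-branch trap)."""
    name, clauses = parse_requirement(requirement_line)
    fixed = parse_version(first_fixed_version)
    floor = lowest_admitted(clauses)
    return {
        "package": name,
        "installed_satisfies_requirement": satisfies(installed_version, clauses),
        "installed_is_fixed": parse_version(installed_version) >= fixed,
        "requirement_admits_unfixed": floor < fixed and satisfies(floor, clauses),
    }


def tighten(requirement_line, first_fixed_version):
    """Rewrite the requirement so its lower bound is at least the first
    fixed release; upper bounds and exclusions are kept as they were."""
    name, clauses = parse_requirement(requirement_line)
    fixed = parse_version(first_fixed_version)
    kept = [(op, b) for op, b in clauses if op not in (">=", ">") or b >= fixed]
    if not any(op in (">=", ">") for op, _ in kept):
        kept.insert(0, (">=", fixed))
    return name + ",".join(op + format_version(b) for op, b in kept)


if __name__ == "__main__":
    # 0.1.1 and 0.1.9 are the versions named in the message; "0.1.10" as the
    # first fixed release is a hypothetical placeholder for illustration only.
    line = "glance_store>=0.1.1"
    for installed in ("0.1.1", "0.1.9"):
        print(installed, audit(line, installed, "0.1.10"))
    print(tighten(line, "0.1.10"))
```

The check is deliberately conservative about pre-release tags (it rejects them rather than guessing their ordering), and `lowest_admitted` ignores `!=` holes, so a requirement whose only admitted versions below the fix are all excluded by `!=` clauses would still be reported as admitting unfixed releases; for a stable-branch requirements review that false positive is the safe direction.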
