[Openstack-security] [openstack/nova-specs] SecurityImpact review request change Id2304adeb9490a630e1979bb70037ad8a2656d73
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Thu Aug 18 12:06:30 UTC 2016
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/357151
Log:
commit 360537ac823002cf832ce20b7412ded8d65773dc
Author: Peter Hamilton <peter.hamilton at jhuapl.edu>
Date: Thu Aug 18 07:45:50 2016 -0400
Add support for certificate validation
This spec describes changes to the Cursive library that would
allow Nova to perform certificate validation when verifying
Glance image signatures. While image signing ensures that image
data is obtained unmodified from Glance, it does not prevent
an attacker from uploading and signing a malicious image. The
addition of certificate trust store support in Cursive allows
Nova admins to control which certificates are allowed to sign
images used on their compute nodes.
This spec describes work related to image verification. For
more information, see: https://review.openstack.org/#/c/343654
SecurityImpact
DocImpact
Change-Id: Id2304adeb9490a630e1979bb70037ad8a2656d73
More information about the Openstack-security
mailing list