[Openstack-security] [openstack/nova-specs] SecurityImpact review request change I121b2e7641c77a4872a1e801eb039050e6a996ea
gerrit2 at review.openstack.org
gerrit2 at review.openstack.org
Tue Aug 15 17:21:20 UTC 2017
Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/488541
Log:
commit a0f4638eaee90d9d1d901adfffb611ffecd28dc1
Author: Peter Hamilton <peter.hamilton at jhuapl.edu>
Date: Fri Jul 28 13:18:30 2017 -0400
Add support for certificate validation
This spec describes changes that would allow Nova to perform
certificate validation when verifying Glance image signatures.
While image signing ensures that image data is obtained
unmodified from Glance, it does not prevent an attacker from
uploading and signing a malicious image. The addition of Nova
API changes allows Nova users to control the certificates
which are allowed to sign images.
This spec describes work related to image verification. For
more information, see: https://review.openstack.org/#/c/343654
APIImpact
DocImpact
SecurityImpact
Previously-approved: Pike
Change-Id: I121b2e7641c77a4872a1e801eb039050e6a996ea
More information about the Openstack-security
mailing list