osdir.com


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[glance][interop] standardized image "name" ?


On Fri, Apr 12, 2019 at 09:00:31AM +0200, Thomas Goirand wrote:
> On 4/12/19 1:28 AM, Jeremy Stanley wrote:
> > On 2019-04-12 00:40:03 +0200 (+0200), Thomas Goirand wrote:
> >> In such case, you know your cloud provider hasn't modified the
> >> official Debian image.
> >
> > Well, last I checked, Nova doesn't *actually* verify those
> > checksums, and even if it did the software could still be adjusted
> > by a malicious operator anyway.
>
> Oh, what do you mean? I thought it had an option for that...
>
> Cheers,
>
> Thomas Goirand (zigo)
>

Hmm, according to the spec, Nova verifies those checksums as of Mitaka [0].
Though Cinder did not get the same enforcement until Rocky [1].

[0] https://specs.openstack.org/openstack/nova-specs/specs/mitaka/implemented/image-verification.html
[1] https://specs.openstack.org/openstack/cinder-specs/specs/rocky/support-image-signature-verification.html

(And specs are always 100% accurate, right?)