[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Openstack-security] [openstack/nova-specs] SecurityImpact review request change openstack%2Fnova-specs~master~I121b2e7641c77a4872a1e801eb039050e6a996ea


Hi, I'd like you to take a look at this patch for potential
SecurityImpact.
https://review.openstack.org/488541

Log:
commit ffdbd9d0709b81379faff7e5399f22176b26141d
Author: Peter Hamilton <peter.hamilton at jhuapl.edu>
Date:   Fri Jul 28 13:18:30 2017 -0400

    Add support for certificate validation
    
    This spec describes changes that would allow Nova to perform
    certificate validation when verifying Glance image signatures.
    While image signing ensures that image data is obtained
    unmodified from Glance, it does not prevent an attacker from
    uploading and signing a malicious image. The addition of Nova
    API changes allows Nova users to control the certificates
    which are allowed to sign images.
    
    This spec describes work related to image verification. For
    more information, see: https://review.openstack.org/#/c/343654
    
    APIImpact
    DocImpact
    SecurityImpact
    
    Previously-approved: Pike
    Change-Id: I121b2e7641c77a4872a1e801eb039050e6a996ea