On Mon, Sep 9, 2013 at 1:20 PM, Jarret Raim <jarret.r...@rackspace.com>wrote:
> > > On 9/9/13 9:25 AM, "Russell Bryant" <rbry...@redhat.com> wrote: > > >On 09/09/2013 04:57 AM, Thierry Carrez wrote: > >> Russell Bryant wrote: > >>> I would be good with the exception for this, assuming that: > >>> > >>> 1) Those from nova-core that have reviewed the code are still happy > >>>with > >>> it and would do a final review to get it merged. > >>> > >>> 2) There is general consensus that the simple config based key manager > >>> (single key) does provide some amount of useful security. I believe it > >>> does, just want to make sure we're in agreement on it. Obviously we > >>> want to improve this in the future. > >> > >> +1 > >> > >> I think this is sufficiently self-contained that the regression risk is > >> extremely limited. It's also nice to have a significant hardening > >> improvement in the Havana featurelist. I would just prefer if it landed > >> ASAP since I would like as much usage around it as we can get, to make > >> sure the previous audits didn't miss an obvious bug/security hole in it. > >> > > > >The response seems positive from everyone so far. I think we should > >approve this and try to get it merged ASAP (absolutely this week, and > >hopefully in the first half of the week). > > > >ACK on the FFE from me. > > > Me as well for what it's worth. While I understand the concerns around key > management, Barbican will have our 1.0 release for Havana and it should be > relatively easy to integrate the proposed patches with Barbican at that > time. Even so, the current version does offer some security and gives us > the ability to have the code tested before we introduce another moving > part. > > > Thanks, > Jarret Raim > > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > Fine on the Cinder side for the related components there.
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev