Hey all,

For the Liberty development cycle, I've proposed a specification for a refactor of Glance's HTTP Store - https://review.openstack.org/#/c/189537/.

In short, currently Glance's HTTP Store driver does not verify HTTPS connections. This allows for a couple of attacks of varying severity.

We had a short discussion in our meeting yesterday (http://eavesdrop.openstack.org/meetings/glance/2015/glance.2015-06-11-14.00.log.html) and one person suggested that the new configuration options being proposed should default to insecure. If we decide to make them insecure as a default this will make upgrades much easier on operators but will mean that protection against the attacks described will be opt-in, at least for one cycle.

So, I'm asking for your feedback because this is really intended to benefit you. Are you using the HTTP store? Are you serving your images over HTTPS? Would you be in favor of turning HTTPS verification on by default? Why or why not?

Cheers,
Ian
