Hi, The current default settings that glance ships with allows any tenant to upload an image and mark it as public for other tenants to use. I'd like to change the default (https://review.openstack.org/#/c/92739/) so that only a admin user can make an image public by default. Allowing any tenant to make an image public by default might allow a malicious tenant to trick other tenants into using their disk image which could do harm to unsuspecting tenants.
Since this is a default setting impact I wanted to ping the mailing list to see if anyone had any concerns in changing the default. In addition, to this change in glance the tempest tests will also need to be updated as well because currently there are tests that have nonadmin tenants upload images. Best, Aaron
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
