All,
After over five years of contributing security features to OpenStack, the
JHUAPL team is wrapping up our involvement with OpenStack.
To all who have reviewed/improved/accepted our contributions, thank you. It
has been a pleasure to be a part of the community.
Regards,
The JHUAPL
Matt,
The end goal is that certificate validation will always occur alongside
signature validation, but we wanted there to be an upgrade path that would
allow signature validation to continue to work until certificate validation was
set up. See the first paragraph of the proposed change in
Hello,
I have found the Gerrit Dashboard Creator (see
https://github.com/openstack/gerrit-dash-creator ) to be very helpful when
putting together queries.
Thanks,
~Brianna
On 12/8/17, 16:25, "Sławek Kapłoński" wrote:
Hello,
I’m trying to personalize my
Hello,
There has recently been additional discussion about the best way to handle
image signature verification in glance and nova [1]. There are two
options being discussed for the signature (the examples below using
'RSA-PSS' as the type, and SHA-256 as the hash method):
1. The signature is of
valid if we allow them to reside in Glance
>In a "killed" state. This would be less of an issue "killed" images still
>consume storage quota until actually deleted.
>Also given MD-5 less secure, why not have the default hash be SHA-1 or 2?
>Regards
>Mali
Stuart is right about what will currently happen in Nova when an image is
downloaded, which protects against unintentional modifications to the
image data.
What is currently being worked on is adding the ability to verify a
signature of the checksum. The flow of this is as follows:
1. The user