[openstack-dev] [barbican][cinder][glance][nova] Goodbye from JHUAPL

All, After over five years of contributing security features to OpenStack, the JHUAPL team is wrapping up our involvement with OpenStack. To all who have reviewed/improved/accepted our contributions, thank you. It has been a pleasure to be a part of the community. Regards, The JHUAPL

Re: [openstack-dev] [nova] Confusion over how enable_certificate_validation is meant to be used

Matt, The end goal is that certificate validation will always occur alongside signature validation, but we wanted there to be an upgrade path that would allow signature validation to continue to work until certificate validation was set up. See the first paragraph of the proposed change in

Re: [openstack-dev] Gerrit custom menu entries - help needed

Hello, I have found the Gerrit Dashboard Creator (see https://github.com/openstack/gerrit-dash-creator ) to be very helpful when putting together queries. Thanks, ~Brianna On 12/8/17, 16:25, "Sławek Kapłoński" wrote: Hello, I’m trying to personalize my

[openstack-dev] [glance] [nova] Image Signature Verification

Hello, There has recently been additional discussion about the best way to handle image signature verification in glance and nova [1]. There are two options being discussed for the signature (the examples below using 'RSA-PSS' as the type, and SHA-256 as the hash method): 1. The signature is of

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

valid if we allow them to reside in Glance >In a "killed" state. This would be less of an issue "killed" images still >consume storage quota until actually deleted. >Also given MD-5 less secure, why not have the default hash be SHA-1 or 2? >Regards >Mali

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

Stuart is right about what will currently happen in Nova when an image is downloaded, which protects against unintentional modifications to the image data. What is currently being worked on is adding the ability to verify a signature of the checksum. The flow of this is as follows: 1. The user