Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-11 Thread Flavio Percoco
efault hash be SHA-1 or 2? Regards Malini -Original Message- From: Poulos, Brianna L. [mailto:brianna.pou...@jhuapl.edu] Sent: Wednesday, September 09, 2015 9:54 AM To: OpenStack Development Mailing List (not for usage questions) Cc: stuart.mcla...@hp.com Subject: Re: [openstack-dev] [

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-11 Thread Nikhil Komawar
"killed" state. This would be less of an issue "killed" images >>>> still >>>> consume storage quota until actually deleted. >>>> Also given MD-5 less secure, why not have the default hash be SHA-1 >>>> or 2? >>>> Regard

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-11 Thread Flavio Percoco
cla...@hp.com Subject: Re: [openstack-dev] [glance] [nova] Verification of glance images before boot Stuart is right about what will currently happen in Nova when an image is downlo

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-11 Thread Nikhil Komawar
lance >>In a "killed" state. This would be less of an issue >> "killed" >> images still >> consume storage quota until actually deleted. >>Also given MD-5 less secure, why not have the defau

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-11 Thread Flavio Percoco
9, 2015 9:54 AM To: OpenStack Development Mailing List (not for usage questions) Cc: stuart.mcla...@hp.com Subject: Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-10 Thread Bhandaru, Malini K
: Re: [openstack-dev] [glance] [nova] Verification of glance images before boot Stuart is right about what will currently happen in Nova when an image is downloaded, which protects against unintentional modifications to the image data. What is currently being worked on is adding the ability t

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-10 Thread Poulos, Brianna L.
ni > >-Original Message- >From: Poulos, Brianna L. [mailto:brianna.pou...@jhuapl.edu] >Sent: Wednesday, September 09, 2015 9:54 AM >To: OpenStack Development Mailing List (not for usage questions) >Cc: stuart.mcla...@hp.com >Subject: Re: [openstack-dev] [glance] [nova] Verificat

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-10 Thread Nikhil Komawar
ay, September 09, 2015 9:54 AM >> To: OpenStack Development Mailing List (not for usage questions) >> Cc: stuart.mcla...@hp.com >> Subject: Re: [openstack-dev] [glance] [nova] Verification of glance >> images before boot >> >> Stuart is right about what will curren

[openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-09 Thread Maish Saidel-Keesing
How can I know that the image that a new instance is spawned from - is actually the image that was originally registered in glance - and has not been maliciously tampered with in some way? Is there some kind of verification that is performed against the md5sum of the registered image in

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-09 Thread Nikhil Komawar
That's correct. The size and the checksum are to be verified outside of Glance, in this case Nova. However, you may want to note that it's not necessary that all Nova virt drivers would use py-glanceclient so you would want to check the download specific code in the virt driver your Nova

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-09 Thread stuart . mclaren
The glance client (running 'inside' the Nova server) will re-calculate the checksum as it downloads the image and then compare it against the expected value. If they don't match an error will be raised. How can I know that the image that a new instance is spawned from - is actually the image

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-09 Thread Poulos, Brianna L.
Stuart is right about what will currently happen in Nova when an image is downloaded, which protects against unintentional modifications to the image data. What is currently being worked on is adding the ability to verify a signature of the checksum. The flow of this is as follows: 1. The user

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-09 Thread Chris Friesen
On 09/09/2015 10:53 AM, Poulos, Brianna L. wrote: Stuart is right about what will currently happen in Nova when an image is downloaded, which protects against unintentional modifications to the image data. What is currently being worked on is adding the ability to verify a signature of the