Re: [openstack-dev] [glance] security and swift multi-tenant fixes on stable branch

2014-11-14 Thread stuart . mclaren



> On 2014-11-13 18:28:14 +0100 (+0100), Ihar Hrachyshka wrote:
> [...]
> > I think those who maintain glance_store module in downstream
> > distributions will cherry-pick the security fix into their
> > packages, so there is nothing to do in terms of stable branches to
> > handle the security issue.
> [...]
>
> As a counterargument, some Oslo libs have grown stable branches for
> security backports and cut corresponding point releases on an
> as-needed basis so as to avoid introducing new features in stable
> server deployments.
> --
> Jeremy Stanley


The current glance stable/juno requirement for glance_store is >=0.1.1.

If you run stable/juno against glance_store 0.1.1 and try
to create an image, you get (multi-tenant store):

$ glance image-create --name image1 --container-format bare --disk-format raw
<html>
 <head>
  <title>410 Gone</title>
 </head>
 <body>
  <h1>410 Gone</h1>
  Error in store configuration. Adding images to store is disabled.<br /><br />
 </body>
</html> (HTTP N/A)

With the latest (0.1.9) glance_store, you get:

$ glance image-create --name image1 --container-format bare --disk-format raw
<html>
 <head>
  <title>500 Internal Server Error</title>
 </head>
 <body>
  <h1>500 Internal Server Error</h1>
  Failed to upload image 702d5865-8925-4d0d-b52c-c93833dc5eaa<br /><br />
 </body>
</html> (HTTP 500)

Before glance_store was separated out it would have been straightforward
to backport the relevant fixes to Glance's tightly coupled in-tree store code.

I'm neutral on the mechanics, but I think we need to get to a point where
if someone is running stable/juno and has a version of glance_store which
satisfies what's specified in requirements.txt they should have secure,
working code.

-Stuart

___
OpenStack-dev mailing list
OpenStack-dev@lists.openstack.org
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
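Added example (editor's code, not from the thread, Glance or glance_store): the gap Stuart describes is that a deployment can satisfy the stable/juno requirements.txt and still run a glance_store without the security fix, because the requirement floor is below the first fixed release. The script parses a constructed requirements.txt (only the glance_store>=0.1.1 floor is taken from the thread; the other lines are made up, and treating 0.1.10 as the first fixed version follows Stuart's proposal rather than any released artifact) and reports, for an installed version, whether it satisfies the requirement, whether it carries the fix, and whether the requirement still admits unfixed versions. Versions are compared as integer tuples, since a string comparison puts 0.1.10 below 0.1.9.

```python
"""Does a stable branch's requirement floor guarantee a security fix?

Constructed sample data for illustration; not Glance's real requirements.txt.
Only the ">=0.1.1" floor for glance_store mirrors the value quoted above.
"""
import re

SAMPLE_REQUIREMENTS = """\
# constructed sample of a stable/juno requirements.txt (not the real file)
pbr>=0.6,!=0.7,<1.0
glance_store>=0.1.1
python-swiftclient>=2.2.0
"""

# Assumed: the release proposed in the thread as the one carrying the fix.
FIRST_FIXED = "0.1.10"

_CLAUSE_RE = re.compile(r"(>=|<=|==|!=|>|<)\s*([0-9][0-9.]*)")


def parse_version(text):
    """'0.1.10' -> (0, 1, 10).  Tuples compare numerically, so 0.1.10 > 0.1.9,
    which a plain string comparison gets wrong.  Dotted integers only."""
    return tuple(int(part) for part in text.strip().split("."))


def normalize(name):
    """glance_store, glance-store and Glance_Store name the same distribution."""
    return name.strip().lower().replace("-", "_")


def parse_requirement(line):
    """'pbr>=0.6,!=0.7,<1.0' -> ('pbr', [('>=', (0, 6)), ('!=', (0, 7)), ('<', (1, 0))])."""
    body = line.split("#", 1)[0].strip()
    match = re.match(r"([A-Za-z0-9_.-]+)\s*(.*)$", body)
    if not match:
        raise ValueError("unparseable requirement: %r" % line)
    name, spec = match.groups()
    clauses = [(op, parse_version(ver)) for op, ver in _CLAUSE_RE.findall(spec)]
    return name, clauses


def find_requirement(requirements_text, package):
    """Return the clause list for `package`, or None if it is not listed."""
    for line in requirements_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        name, clauses = parse_requirement(line)
        if normalize(name) == normalize(package):
            return clauses
    return None


_OPS = {
    ">=": lambda v, b: v >= b,
    "<=": lambda v, b: v <= b,
    "==": lambda v, b: v == b,
    "!=": lambda v, b: v != b,
    ">": lambda v, b: v > b,
    "<": lambda v, b: v < b,
}


def satisfies(version, clauses):
    """True if `version` meets every clause (an empty clause list admits anything)."""
    v = parse_version(version)
    return all(_OPS[op](v, bound) for op, bound in clauses)


def requirement_floor(clauses):
    """Lowest version the clauses admit, or None when there is no lower bound.
    An '==' pin is its own floor.  A '>' bound is treated as the floor too:
    versions just above it are still admitted, which is what matters when
    asking whether unfixed versions can get in."""
    pins = [bound for op, bound in clauses if op == "=="]
    if pins:
        return pins[0]
    lows = [bound for op, bound in clauses if op in (">=", ">")]
    return min(lows) if lows else None


def audit(requirements_text, package, installed, first_fixed):
    """Report the three facts the thread turns on for one installed library."""
    clauses = find_requirement(requirements_text, package)
    if clauses is None:
        raise ValueError("%s is not listed in requirements" % package)
    floor = requirement_floor(clauses)
    fixed = parse_version(first_fixed)
    return {
        # Does the deployed library satisfy what requirements.txt asks for?
        "satisfies_requirement": satisfies(installed, clauses),
        # Does the deployed library actually carry the fix?
        "has_fix": parse_version(installed) >= fixed,
        # Can a deployment satisfy requirements.txt and still lack the fix?
        # Raising the floor to the fixed version is what closes this.
        "requirement_admits_unfixed": floor is None or floor < fixed,
    }


if __name__ == "__main__":
    for installed in ("0.1.1", "0.1.9", "0.1.10"):
        print(installed, audit(SAMPLE_REQUIREMENTS, "glance_store", installed, FIRST_FIXED))
    raised = SAMPLE_REQUIREMENTS.replace("glance_store>=0.1.1", "glance_store>=0.1.10")
    print("after raising the floor:", audit(raised, "glance_store", "0.1.10", FIRST_FIXED))
```

Running it shows 0.1.1 and 0.1.9 satisfying the requirement without the fix, and 0.1.10 satisfying it with the fix while the requirement still admits unfixed versions; only raising the floor to >=0.1.10, as the dependency bump proposed in the thread does, makes "satisfies requirements.txt" imply "has the fix".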


Re: [openstack-dev] [glance] security and swift multi-tenant fixes on stable branch

2014-11-14 Thread Flavio Percoco

On 14/11/14 11:25 +, stuart.mcla...@hp.com wrote:
>
> > On 2014-11-13 18:28:14 +0100 (+0100), Ihar Hrachyshka wrote:
> > [...]
> > > I think those who maintain glance_store module in downstream
> > > distributions will cherry-pick the security fix into their
> > > packages, so there is nothing to do in terms of stable branches to
> > > handle the security issue.
> > [...]
> >
> > As a counterargument, some Oslo libs have grown stable branches for
> > security backports and cut corresponding point releases on an
> > as-needed basis so as to avoid introducing new features in stable
> > server deployments.
> > --
> > Jeremy Stanley
>
> The current glance stable/juno requirement for glance_store is >=0.1.1.
>
> If you run stable/juno against glance_store 0.1.1 and try
> to create an image, you get (multi-tenant store):
>
> [snip]
>
> Before glance_store was separated out it would have been straightforward
> to backport the relevant fixes to Glance's tightly coupled in-tree store code.
>
> I'm neutral on the mechanics, but I think we need to get to a point where
> if someone is running stable/juno and has a version of glance_store which
> satisfies what's specified in requirements.txt they should have secure,
> working code.


I think releasing glance_store now with the security fix is fine.
Distro packages will be updated as soon as 2014.2.1 is released and
the change introduced is backwards compatible.

FWIW, we're adapting glance_store's development to follow oslo
libraries policies even for releases and versioning.

Cheers,
Flavio

--
@flaper87
Flavio Percoco




[openstack-dev] [glance] security and swift multi-tenant fixes on stable branch

2014-11-13 Thread stuart . mclaren

All,

The 0.1.9 version of glance_store, and glance's master branch both
contain some fixes for the Swift multi-tenant store.

This security related change hasn't merged to glance_store yet:
https://review.openstack.org/130200

I'd like to suggest that we try to merge this security fix and release
it as glance_store '0.1.10'. Then make glance's juno/stable branch
rely on glance_store '0.1.10' so that it picks up both the multi-tenant store
and security fixes.

The set of related glance stable branch patches would be:
https://review.openstack.org/134257
https://review.openstack.org/134286
https://review.openstack.org/134289/ (0.1.10 dependency -- also requires a 
global requirements change)

Does this seem ok?

-Stuart



Re: [openstack-dev] [glance] security and swift multi-tenant fixes on stable branch

2014-11-13 Thread Ihar Hrachyshka

On 13/11/14 18:17, stuart.mcla...@hp.com wrote:
> All,
>
> The 0.1.9 version of glance_store, and glance's master branch both
> contain some fixes for the Swift multi-tenant store.
>
> This security related change hasn't merged to glance_store yet:
> https://review.openstack.org/130200
>
> I'd like to suggest that we try to merge this security fix and
> release it as glance_store '0.1.10'. Then make glance's
> juno/stable branch rely on glance_store '0.1.10' so that it picks
> up both the multi-tenant store and security fixes.

So you're forcing all stable branch users to upgrade their
glance_store module, with a version that includes featureful patches,
which is not nice.

I think those who maintain glance_store module in downstream
distributions will cherry-pick the security fix into their packages,
so there is nothing to do in terms of stable branches to handle the
security issue.

Objections?

>
> The set of related glance stable branch patches would be:
> https://review.openstack.org/134257
> https://review.openstack.org/134286
> https://review.openstack.org/134289/ (0.1.10 dependency -- also
> requires a global requirements change)
>
> Does this seem ok?
>
> -Stuart


Re: [openstack-dev] [glance] security and swift multi-tenant fixes on stable branch

2014-11-13 Thread Jeremy Stanley
On 2014-11-13 18:28:14 +0100 (+0100), Ihar Hrachyshka wrote:
[...]
> I think those who maintain glance_store module in downstream
> distributions will cherry-pick the security fix into their
> packages, so there is nothing to do in terms of stable branches to
> handle the security issue.
[...]

As a counterargument, some Oslo libs have grown stable branches for
security backports and cut corresponding point releases on an
as-needed basis so as to avoid introducing new features in stable
server deployments.
-- 
Jeremy Stanley
