On 09/09/2015 10:53 AM, Poulos, Brianna L. wrote:
Stuart is right about what will currently happen in Nova when an image is
downloaded, which protects against unintentional modifications to the
image data.
What is currently being worked on is adding the ability to verify a
signature of the checksum.
It should be noted that this does not protect against a compromised compute
node.
For an end-user that cares about this case, I think you'd pretty much need
self-checking within the guest to ensure that its running system matches a
downloaded manifest (or something like that).
Chris
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
