Comment 64 for bug 1546507

Feilong Wang (flwang) wrote : Re: Regular user can delete any image file

Is the patch on Gerrit now? I reviewed the latest patch and there are at least 2 points we need to improve:

1. About the check "if url.startswith('http') or image_id in url:": unfortunately, we can't check if image_id is in url, since it's easy to bypass. Because in Glance a user can specify the image id, a user can easily take the RBD cluster ID as his image id to bypass this check.

2. Currently, besides http and filesystem (these two are OK for this case), we also support the Cinder, RBD, sheepdog and vmware drivers. We need to involve all the maintainers for each driver. Unfortunately, as the maintainer of RBD, I wasn't involved at first, or I missed something. So my suggestion is that we should involve all the other maintainers to make sure the fix is good for all the drivers.
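
Added example, not part of the comment or of the Glance patch: it runs the quoted substring check next to a hypothetical component-level check on RBD locations, to show why point 1 holds. The URL layout rbd://<fsid>/<pool>/<image>/<snapshot>, the function names other than the quoted condition, and all IDs are assumptions constructed for illustration.

```python
RBD_PREFIX = "rbd://"

# Constructed sample values, not taken from the bug report.
CLUSTER_FSID = "c0ffee00-1111-2222-3333-444444444444"
OWN_IMAGE = "11111111-aaaa-bbbb-cccc-000000000001"
OTHER_IMAGE = "99999999-aaaa-bbbb-cccc-000000000002"


def substring_check(url, image_id):
    """The condition quoted in the comment, unchanged."""
    return url.startswith("http") or image_id in url


def rbd_image_name(url):
    """Return the <image> component of an rbd:// URL, or None if malformed."""
    if not url.startswith(RBD_PREFIX):
        return None
    pieces = url[len(RBD_PREFIX):].split("/")
    # Assumed layout: fsid / pool / image / snapshot, all non-empty.
    if len(pieces) != 4 or not all(pieces):
        return None
    return pieces[2]


def component_check(url, image_id):
    """Hypothetical stricter check: only the image-name component may match."""
    name = rbd_image_name(url)
    return name is not None and name == image_id


def rbd_url(image):
    """Build a constructed RBD location for the sample cluster."""
    return f"{RBD_PREFIX}{CLUSTER_FSID}/images/{image}/snap"


def compare(url, image_id):
    """Return (substring_check result, component_check result)."""
    return substring_check(url, image_id), component_check(url, image_id)


if __name__ == "__main__":
    # Image's own location: both checks accept it.
    print(compare(rbd_url(OWN_IMAGE), OWN_IMAGE))
    # Image id chosen equal to the cluster ID: the substring check accepts
    # a location that belongs to a different image; the component check does not.
    print(compare(rbd_url(OTHER_IMAGE), CLUSTER_FSID))
```

This covers only the RBD URL layout; the other store drivers named in point 2 would each need their own component-level rule.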