Security Guide - Chapter 43. Image Creation Process says 'secure' when it means 'verifiable'
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openstack-manuals | Fix Released | Medium | Renee | |
Bug Description
This section is referring to how to validate image integrity. Hardening is mentioned in the sentence before: "Additionally it is assumed that you have a process by which you install and harden operating systems." It would be scary for someone to follow this guide and think that pulling a stock image from a repository was a 'secure' image. The only sections after this sentence are concerning live migrations.
Currently States: "Thus, the following items will provide additional guidance on how to ensure your images are built securely prior to upload."
Recommended Update: "Thus, the following items will provide additional guidance on how to ensure your images are transferred securely into OpenStack."
-------
Built: 2014-07-18T11:07:05 00:00
git SHA: 2dc0f54e2f4b1a5
URL: http://
source File: file:/home/
xml:id: security-
Changed in openstack-manuals:
status: New → Confirmed
importance: Undecided → Medium
tags: added: low-hanging-fruit sec-guide
Changed in openstack-manuals:
assignee: nobody → Renee (renee-rendon)
assignee: Renee (renee-rendon) → nobody
assignee: nobody → Renee (renee-rendon)
Fix proposed to branch: master
Review: https://review.openstack.org/109686