Comment 1 for bug 801299

- glance/common/config.py find_config_file() should not load config files from "." (e.g. imagine doing "sudo apt-get install glace" from /tmp and being surprised that ./glance-registry.conf gets loaded during the postinst, writing to arbitrary locations for SQL and logs)
- I don't see any packaging that replaces the "swift_store_key" or similar items in the default configs.
- packaging lacks a "purge" target that will clean up the added "glance" user from the glance.postinst
- should use SSL by default
- glance/common/utils.py creates dangerous "execute" function that uses the shell to run commands without filtering meta characters. Luckily nothing uses it's only user, fetchfile(). These should both be removed, along with the unused runthis().
- is the POSTed image data actually used? I can't find many references to "image_data"