Downloadable image files

[I was asked to copy this feedback from #debian-cloud to the list forgeneral consumption. Edited for the list.]

One problem I think I see is that the AMI is being created first, thenthe block device is being copied for the downloadable image.

The downloadable image would better be a tar.gz of the file system. Thatcould be untar'd onto an EC2 volume, snapshot, and registered as an AMI.

This would also make it easier for others to download, untar, customize,snapshot, register to create their own private AMIs.

The images could probably be built outside of EC2 if somebody cared, asthey should be usable on other non-EC2 platforms.

There are security risks with block device copies as they can containdeleted files. Here are a couple articles I've written on this:


  http://alestic.com/2011/06/ec2-ami-security

  http://alestic.com/2009/09/ec2-public-ebs-danger

--
Eric Hammond

Reply to:

Follow-Ups:
- Re: Downloadable image files
  - From: Anders Ingemann <anders@ingemann.de>