Downloadable image files
[I was asked to copy this feedback from #debian-cloud to the list for
general consumption. Edited for the list.]
One problem I think I see is that the AMI is being created first, then
the block device is being copied for the downloadable image.
The downloadable image would better be a tar.gz of the file system. That
could be untar'd onto an EC2 volume, snapshot, and registered as an AMI.
This would also make it easier for others to download, untar, customize,
snapshot, register to create their own private AMIs.
The images could probably be built outside of EC2 if somebody cared, as
they should be usable on other non-EC2 platforms.
There are security risks with block device copies as they can contain
deleted files. Here are a couple articles I've written on this:
http://alestic.com/2011/06/ec2-ami-security
http://alestic.com/2009/09/ec2-public-ebs-danger
--
Eric Hammond
Reply to: