Re: Please, provide a fixed Cloud Image URL for Debian

To: debian-devel <debian-devel@lists.debian.org>
Subject: Re: Please, provide a fixed Cloud Image URL for Debian
From: Jeremy Stanley <fungi@yuggoth.org>
Date: Wed, 10 Aug 2016 23:25:53 +0000
Message-id: <[🔎] 20160810232553.GD2458@yuggoth.org>
In-reply-to: <[🔎] 1470870883-sup-6878@fewbar.com>
References: <[🔎] CAJSM8J0z9QBHjyLTZax1rdC3dDM6za2cnFMG2ypi5WwAS1r_ZA@mail.gmail.com> <[🔎] 1470867245-sup-6846@fewbar.com> <[🔎] 58aa2e9d-d8db-b7ec-db5c-b5959024c014@brainfood.com> <[🔎] 1470870883-sup-6878@fewbar.com>

On 2016-08-10 16:16:54 -0700 (-0700), Clint Byrum wrote:
[...]
> the OP was suggesting that he just tells OpenStack's glance
> service to download these images directly from the internet on his
> hypervisor hosts (which is what --location does). This means that
> no verification happens before the VM boots. The image is
> downloaded, turned into a filesystem for a VM, and booted, without
> ever having consulted a list of cryptographic hashes, gpg key, or
> even a crc32. :-/

And what's worse, the example was of doing it over plain HTTP, no
TLS even (for whatever transport security is worth anyway).
-- 
Jeremy Stanley

Reply to:

References:
- Please, provide a fixed Cloud Image URL for Debian
  - From: Martinx - ジェームズ <thiagocmartinsc@gmail.com>
- Re: Please, provide a fixed Cloud Image URL for Debian
  - From: Clint Byrum <spamaps@debian.org>
- Re: Please, provide a fixed Cloud Image URL for Debian
  - From: Adam Heath <doogie@brainfood.com>
- Re: Please, provide a fixed Cloud Image URL for Debian
  - From: Clint Byrum <spamaps@debian.org>

Prev by Date: Re: Please, provide a fixed Cloud Image URL for Debian
Next by Date: Bug#833975: ITP: libjs-jquery-stupidtable -- jQuery table sorting plugin
Previous by thread: Re: Please, provide a fixed Cloud Image URL for Debian
Next by thread: Re: Please, provide a fixed Cloud Image URL for Debian
Index(es):
- Date
- Thread