Welcome to Last week on OpenStack Dev (“Lwood”) for the week ending 20th December 2015. For more background on Lwood, please refer here.
Basic Stats for week 14th to 20th December 2015:
- ~610 Messages (down about 4% relative to last week)
- ~184 Threads (down about 8% relative to last week)
It's all getting a little quieter as we near the end of the year; a shorter Lwood as a result, to the point where I’m worrying I’ve missed something!
Two new OpenStack Security Notices (OSSN 0061, 0062)
Glance image signature uses an insecure hash algorithm (MD5) (OSSN 0061)
From the summary: “During the Liberty release the Glance project added a feature that supports verifying images by their signature. There is a flaw in the implementation that degrades verification by using the weak MD5 algorithm.” More discussion in the original post or OSSN 0061.
Potential reuse of revoked Identity tokens (OSSN 0062)
From the summary: “An authorization token issued by the Identity service can be revoked, which is designed to immediately make that token invalid for future use. When the PKI or PKIZ token providers are used, it is possible for an attacker to manipulate the token contents of a revoked token such that the token will still be considered to be valid. This can allow unauthorized access to cloud resources if a revoked token is intercepted by an attacker.” More in the original post or OSSN 0062.
Gerrit Upgrade to 2.11 Complete
Smaug – a new Application Data Protection project
Eran Gampel announced a new OpenStack project, “Smaug”, that is aiming to provide Disaster Recovery for all OpenStack resources. The post includes an encouraging-sounding mission statement for the project, an invitation to join in the bi-weekly meetings and review the proposed Smaug API v1.0.
Naming polls for N and O are open
Monty Taylor noted early in the week that polls are open for the OpenStack “N” and “O” names. Polls close at the end of December 22 (UTC) – less than 24h from now.
Clarifying “elusive unicorns” – Rolling Upgrades for Cinder
Michael Dulko provided a nicely put together summary of the conversations around rolling upgrades for Cinder (including the reference to “elusive unicorns”) – well worth a read.
Upcoming OpenStack Events
A summary of OpenStack-related events that cropped up on the mailing list this past week that seemed worth calling out. Don’t forget the OpenStack Foundation’s excellent Events Page for a comprehensive list though!
- A reminder that many projects and working groups are cancelling regular IRC meetings over the last couple of weeks of December 2015 and early January 2016 – worth double checking any that you usually attend to save that unnecessary early morning start or late night :)
- A (possibly incomplete) list: NFV, TelcoWG, Neutron, DVR, Searchlight, Horizon, Glance, Fuel, QA, Performance, Nova, Tacker, Stable, Freezer, Lbaas and Octavia
- [kosmos] Midcycle – 20-22 January, Seattle, WA, USA – Graham Hayes
- [designate] Midcycle – 8-10 February, Galway, Ireland – Graham Hayes
- [tacker] Surveying dates for midcycle – End January, San Jose, CA, USA – Sridhar Ramaswarmy
- [ansible] Midcycle – partially co-located with Ops Midcycle, 15-17 February, UK – Jesse Pretorious
People and Projects
- [fuel] Balut Gaifulin for fuel-web-core and fuel-mirror-core – Igor Kalnitsky
Don’t forget these excellent sources of OpenStack news :)
- OpenStack Weekly Community Newsletter by Jay Fankhauser and others
- OpenStack Developer Mailing List Digest by Mike Perez
This is the last Lwood before Christmas and so I take this opportunity to wish you and yours the very best for Christmas or your preferred observance at this time of year! :)
This edition of Lwood brought to you by Marillion (A Singles Collection, Clutching At Straws), Queen (Greatest Hits I & II), Richard Clapton (The Best Years of our Lives), Rush (Hold Your Fire) amongst other excellent tunes.