
yahoo-eng-team team mailing list archive

[Bug 1491579] [NEW] against all sanity, nova needs to work around broken public clouds

 

Public bug reported:

The version listing endpoint is clearly a giant security risk, so the
intrepid operators of Rackspace, HP, Dreamhost, Auro and RunAbove have
all decided, in their infinite wisdom and deference to magical ponies
that BLOCKING it is a great idea.

Luckily, a non-zero number of them have decided to block it by hanging
connections rather than throwing a 401.

http://paste.openstack.org/show/442384/

In any case, the end result is that those clouds are unusable with the
latest release of novaclient, which means it's probably on the nova team
to figure out a workaround.

After this bug is fixed, a defcore test should be added and it should be
very non-optional.

Also, everyone involved with blocking the VERSION LISTING endpoint
should feel very ashamed of the stance against progress, joy and light.

On the other hand, please everyone join me in rejoicing in the excellent
work by the teams at vexxhost and UnitedStack who are running excellent
clouds that do not exhibit this pox.

** Affects: python-novaclient
     Importance: Critical
         Status: Confirmed


** Tags: liberty-rc-blocker

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1491579

To manage notifications about this bug go to:
https://bugs.launchpad.net/python-novaclient/+bug/1491579/+subscriptions

