Index of /openstack/arch/

NameLast ModifiedSizeType
Parent Directory/ -  Directory
README.txt2015-Oct-18 21:48:451.5Ktext/plain
arch-openstack-2016-04-26-06-46-image-bootstrap-0.9.1-71-ga54d073.qcow22016-Apr-26 06:47:511.1Gapplication/octet-stream
arch-openstack-2016-04-27-06-46-image-bootstrap-0.9.1-71-ga54d073.qcow22016-Apr-27 06:47:581.1Gapplication/octet-stream
arch-openstack-2016-04-28-06-46-image-bootstrap-0.9.1-71-ga54d073.qcow22016-Apr-28 06:48:321.0Gapplication/octet-stream
arch-openstack-2016-04-29-06-46-image-bootstrap-0.9.1-71-ga54d073.qcow22016-Apr-29 06:48:001.1Gapplication/octet-stream
arch-openstack-2016-04-30-06-49-image-bootstrap-0.9.1-71-ga54d073.qcow22016-Apr-30 06:50:571.0Gapplication/octet-stream
arch-openstack-2016-05-28-18-33-image-bootstrap-0.9.1-71-ga54d073.qcow22016-May-28 18:37:001.1Gapplication/octet-stream
arch-openstack-2016-05-29-06-47-image-bootstrap-0.9.1-71-ga54d073.qcow22016-May-29 06:49:311.1Gapplication/octet-stream
arch-openstack-2016-05-30-06-47-image-bootstrap-0.9.1-71-ga54d073.qcow22016-May-30 06:49:251.1Gapplication/octet-stream
arch-openstack-2016-05-31-06-46-image-bootstrap-0.9.1-71-ga54d073.qcow22016-May-31 06:49:091.1Gapplication/octet-stream
WARNING
-------

   The images are *experimental* and work in progress.

   The latest image is the best.
   Known issue are tracked at:
   https://github.com/hartwork/image-bootstrap/issues


CREATION
--------
Images were created running

  image-bootstrap --openstack DISTRO .. LOOP_DEVICE

with image-bootstrap from:

  https://github.com/hartwork/image-bootstrap

If the images have "bugs", the generator has a bug.
If you find things that need fixing, please file a bug against
image-bootstrap at GitHub.  Thank you!


SECURITY and TRUST
------------------
image-bootstrap is downloading files through SSL and verifies downloads
using GnuPG.  That's the good part.  However:

 * The generating server is not air-gapped and therefore exposed
   to attacks from the internet.  Someone could hack this server
   and manipulate the image-generation code.

 * The resulting images are not signed and you are downloading
   via non-SSL HTTP right now.  Detecting man-in-the-middle
   is going to be tricky.

For the Arch images, I hope to convince someone of the Arch master keys
team members to run image-bootstrap, to sign the results and upload them just
like the Arch bootstrapping images.  That would be something you could
trust as much as you trust the Arch bootstrapping images.

Before we have that, the secure way is to run image-bootstrap yourself.


HOSTING
-------
I would like to thank the kind folks at https://www.cloudscale.ch/
for providing this virtual server, its storage and traffic
free of cost to me.  Many thanks!


Best,



Sebastian
lighttpd/1.4.35