Document shortcomings of pypi-openstack element

The element should not be used in production without considering these
facts. Also provide instructions for alternatives.

Change-Id: I2ed6c0ca1487506619128514f44e53738a76a6dc
Clint Byrum 2014-02-03 10:22:56 -08:00
parent 2b943e0bb4
commit 6ac6906d6d
1 changed files with 9 additions and 0 deletions

@ -6,3 +6,12 @@ http://pypi.openstack.org.
By policy all tests in the OpenStack CI/CD environment need to use just the
OpenStack PyPI mirror and thus should include this element.
Note that when building images with this element, pip uses HTTP, and the
OpenStack mirror does not provide a way to verify the contents of the
downloaded packages, and thus is vulnerable to a man-in-the-middle attack.
In order to have a secure local mirror which is built in the same way
pypi-openstack is, see the diskimage-builder element 'pypi'. If you would
like to build an image which hosts such a mirror, see the pypi-mirror
element.
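
Review bot: The added warning ("pip uses HTTP ... vulnerable to a man-in-the-middle attack") never states the recommendation the commit message gives, that the element should not be used in production without considering this. Readers of the README will not see the commit message, so the "Note that when building images with this element" paragraph should say so directly, and it would help to contrast this with the CI policy sentence just above it, which says tests "should include this element". The closing sentence also calls the mirror built with the 'pypi' element "secure" without saying what makes it so. One clause on how packages are fetched or verified there would let a reader judge the alternative. As a style point, the first added sentence chains "and ... and thus"; splitting it after "HTTP" would read more clearly.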