diff options
Diffstat (limited to 'releasenotes/notes/check-for-md5-59db8fd67870b214.yaml')
| -rw-r--r-- | releasenotes/notes/check-for-md5-59db8fd67870b214.yaml | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/releasenotes/notes/check-for-md5-59db8fd67870b214.yaml b/releasenotes/notes/check-for-md5-59db8fd67870b214.yaml new file mode 100644 index 0000000..a70176b --- /dev/null +++ b/releasenotes/notes/check-for-md5-59db8fd67870b214.yaml @@ -0,0 +1,13 @@ +--- +other: + -| + For legacy (pre-Rocky) images that do not contain "multihash" metadata, + or when the ``--allow-md5-fallback`` option is used in cases where the + multihash metadata is present but the specified algorithm is not available + to the glanceclient, the glanceclient uses an MD5 checksum to validate + the download. When operating in a FIPS-compliant environment, however, + the MD5 algorithm may be unavailable to the glanceclient. In such a case, + (that is, when the MD5 checksum information is available to the glanceclient + but the MD5 algorithm is not), the glanceclient will fail the download as + corrupt because it cannot prove otherwise. This is consistent with + current behavior. |