Re: [Qemu-devel] [PATCH 3/3] cirrus: mark as deprecated

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



+-- On Fri, 26 Oct 2018, Daniel P. Berrangé wrote --+
| ... 
| One thing we should do, however, is to make it clear which of the
| device models we consider secure, and which we consider only usable
| in a friendly guest environment, as we have very different code
| maintainership & quality standards for different parts of QEMU.
| 
| Essentially virtio devices, and then only a handful of the emulated
| devices are things we consider suitable for usage in secure envs.
| Likewise for machine types probably.

True, +1.

It did come up in another thread. It'll surely be helpful to list these 
professional and friendly components. 'Professional' being production ready 
and thus security relevant. And 'Friendly' being experimental or not suitable 
for production usage. Maybe like staging drivers in the kernel tree. They are 
available for use but not considered production ready and thus are not 
security relevant.

To be clear, irrespective of professional or friendly, we strive to fix every 
single issue that is found and/or reported. Only difference is, professional 
ones are tracked by a CVE ID and friendly ones are fixed as bug fixes, not 
tracked by CVE ID.

Thank you.
--
Prasad J Pandit / Red Hat Product Security Team
47AF CE69 3A90 54AA 9045 1053 DD13 3D32 FE5B 041F
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux