On Mon, Mar 09, 2020 at 04:21:12PM +0100, Kevin Wolf wrote: > Am 06.03.2020 um 23:51 hat Eric Blake geschrieben: > > For qcow2 and qed, we want to encourage the use of -F always, as these > > formats can suffer from data corruption or security holes if backing > > format is probed. But for other formats, the backing format cannot be > > recorded. Making the user decide on a per-format basis whether to > > supply a backing format string is awkward, better is to just blindly > > accept a backing format argument even if it is ignored by the > > contraints of the format at hand. > > > > Signed-off-by: Eric Blake <eblake@xxxxxxxxxx> > > I'm not sure if I agree with this reasoning. Accepting and silently > ignoring -F could give users a false sense of security. If I specify a > -F raw and QEMU later probes qcow2, that would be very surprising. And if the user specifies "-F raw" and we probe qcow2, and the user does not realize this, they can become silently reliant on always probing qcow2. If we then honour the "-F raw" option in a later QEMU release, we'll break the behaviour they've relied on. IMHO, we must not accept "-F fmt" unless we're in a position to honour it. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
