Hi, > If we consider the nbd PoC and the solution Daynix sent (spice-gtk and > emulation) I personally prefer the Daynix solution and as Yuri said already > the glue code required for the nbd is bigger than the emulation code. Oh. Fair enough. I certainly didn't expect that the nbd glue is more code than doing full usb+scsi emulation. > I also think is better from the client prospective, updating the host > to fix possible problems is much harder than just update the client. The qemu usb/scsi/cdrom emulation has seen years of testing. So I wouldn't worry too much about bugs there. > Being also the client less a security issue the client solution reduces > the surface attack. That is wrong IMO. You just have a different attack surface, for the most part it moves from the virtualization host (the machine running qemu) to the user's box (the machine running spice-client). Whenever that is better or not depends much on the deployment. With thin clients you might be better off that way. When the spice-client runs on a full-blown workstation it might be a rather interesting target to attack though. cheers, Gerd _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel