On 06/05/2012 02:16 AM, Paul Moore wrote:
On Sunday, June 03, 2012 08:55:42 AM Anthony Liguori wrote:
This needs to be optional and disabled by default I think. I strongly
dislike disabling a feature when a user isn't asking for it. You can
introduce a global -enable-fips-mode or something like that.
I'll resend the patch, but before I do I want to make sure the defaults are
set to whatever you find acceptable to merging and the second sentence above
has me a little confused; do you mean "... dislike _enabling_ a feature when a
user isn't asking for it."?
I dislike *removing* a feature unless a user has explicitly asked us too.
If a user isn't aware that fips mode is enabled, they will have no idea why VNC
authentication doesn't work. I think we should let a user choice whether they
want QEMU to respect fips mode or not.
Regards,
Anthony Liguori
