On Sun, 12 Apr 2020 at 21:53, Philippe Mathieu-Daudé <f4...@amsat.org> wrote: > "VMs using KVM" as security boundary is very clear, thanks. > > Note 1: This this doesn't appear on the QEMU security process > description: https://www.qemu.org/contribute/security-process/
It's part of the list of how to decide whether an issue is security sensitive: "Is QEMU used in conjunction with a hypervisor (as opposed to TCG binary translation)?" We also document it in the user manuals now (a relatively recent improvement): https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case > Note 2: If a reported bug is not in security boundary, it should be > reported as a bug to mainstream QEMU, to give the community a chance to > fix it. Yes; bugs are still bugs. thanks -- PMM
