On Thu, Sep 20, 2018 at 2:48 PM, Gerd Hoffmann <kra...@redhat.com> wrote:
> Hi, > > > If we consider the nbd PoC and the solution Daynix sent (spice-gtk and > > emulation) I personally prefer the Daynix solution and as Yuri said > already > > the glue code required for the nbd is bigger than the emulation code. > > Oh. Fair enough. I certainly didn't expect that the nbd glue is more > code than doing full usb+scsi emulation. > > > I also think is better from the client prospective, updating the host > > to fix possible problems is much harder than just update the client. > > The qemu usb/scsi/cdrom emulation has seen years of testing. > So I wouldn't worry too much about bugs there. > > > Being also the client less a security issue the client solution reduces > > the surface attack. > > That is wrong IMO. You just have a different attack surface, for the > most part it moves from the virtualization host (the machine running > qemu) to the user's box (the machine running spice-client). > In aspect of security/attack surface the cd-sharing in the client is not different from flash drive redirection (if I'm not mistaken) and should not increase the risk. > > Whenever that is better or not depends much on the deployment. With > thin clients you might be better off that way. When the spice-client > runs on a full-blown workstation it might be a rather interesting target > to attack though. > cheers, > Gerd > >
_______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/spice-devel
