[Spice-devel] [spice-gtk v4 00/13] CD sharing feature
Gerd Hoffmann
kraxel at redhat.com
Thu Sep 20 11:48:14 UTC 2018
Hi,
> If we consider the nbd PoC and the solution Daynix sent (spice-gtk and
> emulation) I personally prefer the Daynix solution and as Yuri said already
> the glue code required for the nbd is bigger than the emulation code.
Oh. Fair enough. I certainly didn't expect that the nbd glue is more
code than doing full usb+scsi emulation.
> I also think is better from the client prospective, updating the host
> to fix possible problems is much harder than just update the client.
The qemu usb/scsi/cdrom emulation has seen years of testing.
So I wouldn't worry too much about bugs there.
> Being also the client less a security issue the client solution reduces
> the surface attack.
That is wrong IMO. You just have a different attack surface, for the
most part it moves from the virtualization host (the machine running
qemu) to the user's box (the machine running spice-client).
Whenever that is better or not depends much on the deployment. With
thin clients you might be better off that way. When the spice-client
runs on a full-blown workstation it might be a rather interesting target
to attack though.
cheers,
Gerd
More information about the Spice-devel
mailing list