Tony Breeds wrote: > [...] > So if that timeline is approximately correct: > > - Can we wait this long to fix the bug? As opposed to having it squashed in > Kilo. > - What do we do in nova for the next ~12 months while know there isn't a qemu > to fix this? > - Then once there is a qemu that fixes the issue, do we just say 'thou must > use > qemu 2.3.0' or would nova still need to support old and new qemu's ?
Fixing it in qemu looks like the right way to fix this issue. If it was simple to fix, it would have been fixed already: this is one of our oldest bugs with security impact. So I'd say yes, this should be fixed in qemu, even if that takes a long time to propagate. If someone finds an interesting way to work around this issue in Nova, then by all means, add the workaround to Kilo and deprecate it once we can assume everyone moved to newer qemu. But given it's been 3 years this bug has been around, I wouldn't hold my breath. -- Thierry Carrez (ttx)
Description: OpenPGP digital signature
_______________________________________________ OpenStack-dev mailing list OpenStackfirstname.lastname@example.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev