[libvirt] [PATCH v2 2/2] bridge driver: don't masquerade local subnet broadcast/multicast packets

Laszlo Ersek lersek at redhat.com
Tue Sep 24 18:19:57 UTC 2013


On 09/24/13 18:10, Brian J. Murrell wrote:
> On 13-09-23 02:27 PM, Laszlo Ersek wrote:
>>
>> If you disagree with this approach (that is: if you think that
>> "224.0.0.0/24" here is not gradual improvement but a step in the wrong
>> direction),
> 
> Of course I'm not saying that.  I think that's pretty clear.  The only
> point we disagree on is the size of the network range, not the
> implementation of the feature so by definition of course your patch is a
> good initial improvement and should continue on that path.
> 
> If somebody really needs to come along afterward as a separate effort
> and expand the range (or at least be able to leverage your work to do so
> in their own private builds) then that can happen.

Thanks, and that's really what I consider necessary.

We agree that the change is not big or hard. It's just that
- I can't convincingly argue the change in the commit message,
- security is in the picture (and I can't argue it isn't),
- hence I *really* don't want my S-o-b on the change.

I'm not opposing the change at all, I just don't want my name on it,
because I *can't prove* that it's secure. For the restrictive prefix I
have at least public references.

Thanks,
Laszlo



