[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] news: Update for 3.9.0 release



On Wed, 2017-11-01 at 16:19 -0400, John Ferlan wrote:
> > +        </summary>
> > +        <description>
> > +          This new API, also exposed through the
> > +          <code>set-lifecycle-action</code> <code>virsh</code> command, allows
> > +          the user to dynamically control how the guest will react to being
> > +          powered off, being restarted or crashing.
> 
> This one reads strangely to me...  As a suggestion
> 
> Provided a new API to allow dynamic guest lifecycle control for guest
> reactions to poweroff, restart, or crash type events related to the
> domain XML <code>on_poweroff</code>, <code>on_reboot</code>, and
> <code>on_crash</code> elements. The <code>virsh
> set-lifecycle-action<code> command was created to control the actions.

You forgot to close the <code> element here ;)

> > +          constraints that log have to be bigger than 100 KiB before they can
> > +          be rotated solves the issue.
> 
> s/issue.$/issue. However, this may increase the number of files until
> they are automatically rotated.

I don't think that's true: the same number of log files will be
created, it's just that now more files will be rotated. So I left
out that part.

> (Personally, not quite sure how that rotation actually occurs).

Not sure myself. I think the logrotate profile is installed along
with libvirt, but you have to enable it explicitly for rotation to
actually occur?

> > +      <change>
> > +        <summary>
> > +          qemu: Ensure TLS clients always verify the server certificate
> > +        </summary>
> > +        <description>
> > +          While it's reasonable to turn off client certificate validation,
> > +          as setting it up can be non-trivial, clients should always verify
> > +          the server certificate to avoid MITM attacks. libvirt was, however,
> > +          using the same knob to control both checks, leading to
> > +          CVE-2017-1000256 / LSN-2017-0002.
> > +        </description>
> > +      </change>

As suggested by Peter, I've moved this to a separate "Security"
section, and pushed the whole thing.

Thanks for the review and all the improvements :)

-- 
Andrea Bolognani / Red Hat / Virtualization


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]