From: George Dunlap <george.dunlap@eu.citrix.com>
To: Ian Campbell <Ian.Campbell@citrix.com>
Cc: Wei Liu <wei.liu2@citrix.com>,
Roger Pau Monne <roger.pau@citrix.com>,
Stefano Stabellini <stefano.stabellini@citrix.com>,
Jaeyong Yoo <jaeyong.yoo@samsung.com>,
"xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
Subject: Re: Xen 4.4 development update: Feature freeze has started
Date: Fri, 15 Nov 2013 16:11:35 +0000 [thread overview]
Message-ID: <528647B7.6020102@eu.citrix.com> (raw)
In-Reply-To: <1384254550.1883.53.camel@kazak.uk.xensource.com>
On 12/11/13 11:09, Ian Campbell wrote:
>> * xend still in tree (x)
>> - xl list -l on a dom0-only system
>> - xl list -l doesn't contain tty console port
>> - xl Alternate transport support for migration
> Are some of these (this one in particular) also covered separately
> elsewhere in the list?
Yes, this one is also here:
* xl migrate transport improvements
owner: None
> See discussion here: http://bugs.xenproject.org/xen/bug/19
- Option to connect over a plain TCP socket rather than ssh
- xl-migrate-recieve suitable for running in inetd
- option for above to redirect log output somewhere useful
- Documentation for setting up alternate transports
However, after the discussion with Zhigang, I'm not sure this should
really be a blocker for xend removal anymore. The putative reason for
having ssl was because exchanging ssh keys was thought to be a security
risk, allowing anyone on one host to log into any of the other hosts.
However:
1) ssh keys can be limited so that they can only execute a specific
command; so this can be dealt with by configuration
2) There are no permissions checks on resources for incoming domains; so
given the ability to migrate to a host, you can get a shell on that host
pretty handily anyway.
-George
next prev parent reply other threads:[~2013-11-15 16:11 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-11 17:18 Xen 4.4 development update: Feature freeze has started George Dunlap
2013-11-11 17:32 ` Andrew Cooper
2013-11-15 14:36 ` George Dunlap
2013-11-15 14:44 ` Jan Beulich
2013-11-15 14:48 ` Andrew Cooper
2013-11-15 14:52 ` Andrew Cooper
2013-11-11 18:03 ` Konrad Rzeszutek Wilk
2013-11-12 8:55 ` Jan Beulich
2013-11-12 12:04 ` Stefano Stabellini
2013-11-12 14:17 ` Konrad Rzeszutek Wilk
2013-11-12 9:24 ` Ian Campbell
2013-11-11 20:49 ` Boris Ostrovsky
2013-11-11 21:02 ` Ben Guthro
2013-11-12 10:54 ` David Vrabel
2013-11-12 11:09 ` Ian Campbell
2013-11-12 11:11 ` Roger Pau Monné
2013-11-15 15:37 ` George Dunlap
2013-11-15 15:51 ` Roger Pau Monné
2013-11-12 11:20 ` Wei Liu
2013-11-12 11:53 ` Fabio Fantoni
2013-11-12 12:49 ` Stefano Stabellini
2013-11-12 14:20 ` Konrad Rzeszutek Wilk
2013-11-12 14:22 ` Ian Campbell
2013-11-12 14:26 ` Wei Liu
2013-11-12 15:07 ` Konrad Rzeszutek Wilk
2013-11-12 15:16 ` Wei Liu
2013-11-15 16:11 ` George Dunlap [this message]
2013-11-15 16:28 ` George Dunlap
2013-11-19 10:47 ` Ian Campbell
2013-11-14 9:28 ` Dario Faggioli
2013-11-14 14:16 ` Nate Studer
2013-11-14 22:20 ` Dario Faggioli
2013-11-15 9:03 ` Jan Beulich
2013-11-15 9:41 ` Dario Faggioli
2013-11-15 9:00 ` Jan Beulich
2013-11-14 9:38 ` Dario Faggioli
2013-11-14 13:42 ` Elena Ufimtseva
2013-11-15 16:34 ` George Dunlap
2013-11-15 18:07 ` Dario Faggioli
2013-11-15 20:39 ` Shriram Rajagopalan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=528647B7.6020102@eu.citrix.com \
--to=george.dunlap@eu.citrix.com \
--cc=Ian.Campbell@citrix.com \
--cc=jaeyong.yoo@samsung.com \
--cc=roger.pau@citrix.com \
--cc=stefano.stabellini@citrix.com \
--cc=wei.liu2@citrix.com \
--cc=xen-devel@lists.xen.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.