|
From: | Anthony Liguori |
Subject: | Re: [Qemu-devel] [PATCH v2] vnc: disable VNC password authentication (security type 2) when in FIPS mode |
Date: | Tue, 05 Jun 2012 07:11:24 +0800 |
User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20120329 Thunderbird/11.0.1 |
On 06/05/2012 02:16 AM, Paul Moore wrote:
On Sunday, June 03, 2012 08:55:42 AM Anthony Liguori wrote:This needs to be optional and disabled by default I think. I strongly dislike disabling a feature when a user isn't asking for it. You can introduce a global -enable-fips-mode or something like that.I'll resend the patch, but before I do I want to make sure the defaults are set to whatever you find acceptable to merging and the second sentence above has me a little confused; do you mean "... dislike _enabling_ a feature when a user isn't asking for it."?
I dislike *removing* a feature unless a user has explicitly asked us too.If a user isn't aware that fips mode is enabled, they will have no idea why VNC authentication doesn't work. I think we should let a user choice whether they want QEMU to respect fips mode or not.
Regards, Anthony Liguori
[Prev in Thread] | Current Thread | [Next in Thread] |