On Thu, Jun 11, 2015 at 03:47:07PM +0200, Hrvoje Ribicic wrote: > Here's an interdiff describing the security implications better: > > diff --git a/NEWS b/NEWS > index e3e25bc..39bdf49 100644 > --- a/NEWS > +++ b/NEWS > @@ -15,8 +15,10 @@ Incompatible/important changes > for the xl stack of Xen required SSH to be able to migrate the instance, > leading to a situation where full movement of an instance around the > cluster > was not possible. This version fixes the issue by using socat to transfer > - instance data. As a consequence, Xen instance migrations using xl cannot > - occur between nodes running 2.13.0 and 2.13.1. > + instance data. While socat is less secure than SSH, it is about as > secure as > + xm migrations, and occurs over the secondary network if present. As a > + consequence of this change, Xen instance migrations using xl cannot occur > + between nodes running 2.13.0 and 2.13.1. >
LGTM. Thanks. -- Klaus Aehlig Google Germany GmbH, Dienerstr. 12, 80331 Muenchen Registergericht und -nummer: Hamburg, HRB 86891 Sitz der Gesellschaft: Hamburg Geschaeftsfuehrer: Graham Law, Christine Elizabeth Flores
