On 19/01/15 21:49, Frederic Bonnard wrote: > Thank you Julien for looking at this and already filing bugs upstream. > I've uploaded a new package for 1.4.0 with a batch of small fixes (issues from > you, misc I found and from lintian) : > http://mentors.debian.net/package/kimchi That's a nice set of improvements. My only new issues are: 1. For some reason kimchid didn't start on boot, systemd decided not to load it. This may well be a problem on my machine, not a generic one, but perhaps worth testing. 2. The dependency on qemu-system is fairly broad, unless kimchi actually supports foreign architecture VMs then depending on the local version per-arch would be nice. ... > [ ] "3. Websocksify listens on IPv4 only, this will be unreliable for people > who have both v4 & v6 in DNS, and break for any v6 only users" : no bug so far : I checked > kimchi for configuration options but that seems to be changed deeper. Should I > file a bug for this one ? With 1.4 websockify is now an external dependency so it's now a bug in it (although fixed upstream, but there's not been a release, I've filed debian bug #??? for this). > [ ] "6. I don't see a pam service being created for kimchi, nor an obvious way > to restrict who has rights to login. (Upstream bug #571 filed) > A sensible default would probably be members of the libvirt group." > I need to look into that. Actually in our lab we avoided use of kimchi because we > felt it was not well suited at the moment for fine grained access rights. > If I'm right, a user that can login to the machine (pam) as access to kimchi and > also access to firmware updating tabs. Did we miss something on that ? > What's your opinion on Julien's point ? Per debian convention kimchi should get its own service, even if not generically. My plan is to allow the use of external auth which solves my case. > [X] "8. /robots.txt is missing. (Patch sent)" This is now merged for the next release.
Attachment:
signature.asc
Description: OpenPGP digital signature