On Mon, Mar 09, 2020 at 04:21:12PM +0100, Kevin Wolf wrote:
Am 06.03.2020 um 23:51 hat Eric Blake geschrieben:
For qcow2 and qed, we want to encourage the use of -F always, as these formats can suffer from data corruption or security holes if backing format is probed. But for other formats, the backing format cannot be recorded. Making the user decide on a per-format basis whether to supply a backing format string is awkward, better is to just blindly accept a backing format argument even if it is ignored by the contraints of the format at hand.
Signed-off-by: Eric Blake <eblake@redhat.com>
I'm not sure if I agree with this reasoning. Accepting and silently ignoring -F could give users a false sense of security. If I specify a -F raw and QEMU later probes qcow2, that would be very surprising.
And if the user specifies "-F raw" and we probe qcow2, and the user does not realize this, they can become silently reliant on always probing qcow2. If we then honour the "-F raw" option in a later QEMU release, we'll break the behaviour they've relied on. IMHO, we must not accept "-F fmt" unless we're in a position to honour it. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|