Re: Moving QEMU downloads to GitLab Releases?

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Moving QEMU downloads to GitLab Releases?

From:	Stefan Hajnoczi
Subject:	Re: Moving QEMU downloads to GitLab Releases?
Date:	Fri, 1 Oct 2021 08:11:35 +0100

On Thu, Sep 30, 2021 at 03:57:49PM +0000, Eldon Stegall wrote:
> Hello!
> I'd be happy to help with this. I'm mostly a consumer of QEMU, but
> greatly appreciate all the work this community has done, and was able
> to contribute a little by helping with QEMU advent this past year. I
> would be happy to help streamline some of this activities if that would
> be welcome, and would gratefully contribute time and resources. Hosting
> and serving data like this has been core to my recent experience.
> 
> I would be happy to suggest and build out a distribution strategy for
> these packages, and believe I could cut some costs, and even convince a
> small consultancy I am a part of here that uses QEMU to foot a
> reasonable bill.
> 
> A brief introduction, since I haven't had the pleasure of attending
> FOSDEM or any other QEMU meetups: I am a startup-oriented Cloud Security
> Architect, based out of Atlanta, previously with companies like
> DataStax, but now working on AWS video pipelines for a startup here.

Thanks for joining the discussion and for running last year's QEMU
Advent Calendar, Eldon.

Any ideas for moving download.qemu.org to a hosted service would be
appreciated! We haven't compared CDN and cloud providers closely yet. If
you have experience in this area or time to check them out, then that
would be valuable.

QEMU has funds if there is a cost for file hosting (probably less than
$100/month). Some providers may be willing to support an open source
project for free. Possible providers include CloudFlare, Akamai, Fastly,
Microsoft Azure, Google Cloud Storage, etc.

We need to keep the security of QEMU releases in mind. Mike Roth
signs and publishes releases. Whoever facilitates or hosts the files
should not be able to modify the files after Mike has blessed them. One
way to do this is to keep hosting the .sig files on download.qemu.org
and to redirect the actual tarballs to a file hosting provider. A way to
securely publish files without hosting anything on qemu.org would be
even better though (maybe it's enough to publish signatures on the
static GitLab Pages website).

Stefan

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Moving QEMU downloads to GitLab Releases?, Stefan Hajnoczi <=
- Re: Moving QEMU downloads to GitLab Releases?, Daniel P . Berrangé, 2021/10/01
  - Re: Moving QEMU downloads to GitLab Releases?, Stefan Hajnoczi, 2021/10/04
- Re: Moving QEMU downloads to GitLab Releases?, Anthony Liguori, 2021/10/11
- Re: Moving QEMU downloads to GitLab Releases?, Thomas Huth, 2021/10/01
  - Re: Moving QEMU downloads to GitLab Releases?, Gerd Hoffmann, 2021/10/01
    - Re: Moving QEMU downloads to GitLab Releases?, Philippe Mathieu-Daudé, 2021/10/01
- Re: Moving QEMU downloads to GitLab Releases?, Philippe Mathieu-Daudé, 2021/10/01
  - Re: Moving QEMU downloads to GitLab Releases?, Stefan Hajnoczi, 2021/10/04
    - Re: Moving QEMU downloads to GitLab Releases?, Michael Roth, 2021/10/04
    - Re: Moving QEMU downloads to GitLab Releases?, Stefan Hajnoczi, 2021/10/05

Prev by Date: [RFC PATCH v4 13/20] vdpa: Save host and guest features
Next by Date: [RFC PATCH v4 14/20] vhost: Add vhost_svq_valid_device_features to shadow vq
Previous by thread: [RFC PATCH v4 00/20] vDPA shadow virtqueue
Next by thread: Re: Moving QEMU downloads to GitLab Releases?
Index(es):
- Date
- Thread