In response to Christian's list of TODO's in his review
To ensure a base level (requirement for the ack)
- set someone down a day installing that fo real
- use it with Openstack
- (try to) use it without openstack as well
- is it really providing what you want/need?
TODO => State on the bug the result of your testing!
I've tested both in the context of OpenStack, and standlone with websockify and libvirt to validate that spice-html5 is function and works as intended. There are some warning messages about unsupported features but it works OK. Its essential to use the virtio video adapter option but I was able to login and control a default 20.04 cloud image VM running under libvirt.
- check all the general Spice CVEs if any apply to this JS based code (might just not be tracked against spcie-html5 but apply)
TODO => State on the bug the result of your CVE check per CVE why they do not apply!
In response to Christian's list of TODO's in his review
To ensure a base level (requirement for the ack)
- set someone down a day installing that fo real
- use it with Openstack
- (try to) use it without openstack as well
- is it really providing what you want/need?
TODO => State on the bug the result of your testing!
I've tested both in the context of OpenStack, and standlone with websockify and libvirt to validate that spice-html5 is function and works as intended. There are some warning messages about unsupported features but it works OK. Its essential to use the virtio video adapter option but I was able to login and control a default 20.04 cloud image VM running under libvirt.
- check all the general Spice CVEs if any apply to this JS based code (might just not be tracked against spcie-html5 but apply)
TODO => State on the bug the result of your CVE check per CVE why they do not apply!
Rechecked general SPICE CVEs:
https:/ /cve.mitre. org/cgi- bin/cvekey. cgi?keyword= spice
Unable to find any that relate to spice-html5.
I also searched for some of the 3rd party js files:
https:/ /cve.mitre. org/cgi- bin/cvekey. cgi?keyword= jsbn /cve.mitre. org/cgi- bin/cvekey. cgi?keyword= SHA-1
https:/
but was unable to find any related open CVE's
- update to 0.2.x
TODO => Then feel free to set it to "in progress" to reflect that it is approved.
Done and tested as part of this review.