Hi,
Sina S wrote (24 Jan 2014 00:41:28 GMT) :
> I am a little worried about this proposal because it will mean computers
> without a lot of resources can no longer run Tails.
Thanks for writing down this concern. I'm sure a few of us (including
me) share it too.
However, AFAIK, nobody has ever proposed to make "run a few virtual
machines under some hypervisor" the default Tails' mode of operation.
IMO, the best way to go ahead is to first have a working
proof-of-concept, then add it as an option, evaluate it, and then only
we can think if we want to drop support for hardware that does not
support KVM, or to support both modes of operation in parallel, or
what. Luckily, I think this is just what's happening :)
> I would propose OpenVZ as a better solution than KVM for this reason
> and better than LXC for security reasons.
Unfortunately, last time I've checked, the way the OpenVZ kernel is
maintained made it quite painful to integrate with a Debian-based
system such as Tails. The great news is that substantial parts of the
OpenVZ patchset have slowly been integrated into the mainline kernel
over the course of the last years, so possibly the day when LXC is as
secure as OpenVZ will come. Just curious: what specific security
reasons did you have in mind?
Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc