Form an opinion if/which services running on baron directly should better be moved to a VM
|Reported by:||zooey||Owned by:||haiku-web|
Currently, a couple of services run on baron directly:
- buildbot master
- rsync daemon feeding our mirrors
From a security perspective, this isn't very nice, as baron is the hypervisor, which means that any break-in via a service running on it could provide access to all VMs, too. Having those services run in a (maybe additional) VM would limit the risk of an intrusion at least to some extent.
Some of these services (most notable: download.haiku-os.org and the mirror feed) have been put onto baron for a reason: they place considerable demands on network bandwidth and disk space, so moving them to a VM isn't straightforward.