id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,blockedby,blocking,platform 11829,Form an opinion if/which services running on baron directly should better be moved to a VM,zooey,haiku-web,"Currently, a couple of services run on baron directly: * buildbot master * downloads.haiku-os.org * server-stats.haiku-os.org * web-stats.haiku-os.org * rsync daemon feeding our mirrors From a security perspective, this isn't very nice, as baron is the hypervisor, which means that any break-in via a service running on it could provide access to all VMs, too. Having those services run in a (maybe additional) VM would limit the risk of an intrusion at least to some extent. Some of these services (most notable: download.haiku-os.org and the mirror feed) have been put onto baron for a reason: they place considerable demands on network bandwidth and disk space, so moving them to a VM isn't straightforward.",task,closed,normal,,Sys-Admin,,fixed,,,,,All