by loganmarchione 503 days ago
So far, the Equinix Metal shutdown affects Freedesktop, Alpine, WireGuard, and Flathub. Why can't these organizations use VMs? Is there something special about bare-metal services, or has Equinix not offered their VM service to these organizations?

VMs introduce security issues that bare metal doesn't have. Those security issues are mostly academic for most people and many projects, but not for software where a supply chain compromise could severely impact all users of that software.

Imagine if WireGuard were backdoored because someone working for the ISP that runs the VMs compromised their VMs through the hypervisor. How would a project audit an ISP? How could anything be trusted? Bottom line: it can't. ISPs don't give that kind of information to customers unless you're special (government, spend crazy money).

While it's still possible to compromise a machine through physical access, it's MUCH more difficult. How do you bring it into single-user mode to introduce a privileged user without people noticing that it's down, even momentarily, or that the uptime is now zero? Compromise like this is possible, but worlds more difficult to pull off than compromise through a hypervisor.
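The uptime tell described above, turned into a check a maintainer could actually run: an added example, not code from the thread or from any of the projects named. It assumes periodic samples of Linux `/proc/uptime` paired with wall-clock timestamps (the sample data below is constructed) and flags a reset (reboot) or a stall (uptime advancing slower than wall-clock time).

```python
"""Flag uptime anomalies from periodic (wall_clock, uptime_seconds) samples.

Uptime should grow in step with wall-clock time. A drop means the host
rebooted (e.g. a visit to single-user mode); uptime lagging well behind
the elapsed wall-clock time means the host was paused or powered off.
"""
from dataclasses import dataclass


@dataclass
class UptimeEvent:
    index: int        # position of the offending sample
    kind: str         # "reset" or "stall"
    expected: float   # uptime we expected to see at this sample
    observed: float   # uptime actually reported


def parse_proc_uptime(line: str) -> float:
    """Return system uptime in seconds from a /proc/uptime line.

    /proc/uptime holds two floats: total uptime and cumulative idle time.
    """
    return float(line.split()[0])


def detect_uptime_anomalies(samples, tolerance=60.0):
    """samples: list of (wall_clock_seconds, uptime_seconds), oldest first."""
    events = []
    for i in range(1, len(samples)):
        t_prev, up_prev = samples[i - 1]
        t_cur, up_cur = samples[i]
        expected = up_prev + (t_cur - t_prev)
        if up_cur < up_prev:
            events.append(UptimeEvent(i, "reset", expected, up_cur))
        elif expected - up_cur > tolerance:
            events.append(UptimeEvent(i, "stall", expected, up_cur))
    return events


# Constructed sample: one reading every 300 s; reboot between samples 2 and 3,
# then a pause between samples 7 and 8 (uptime advances only 100 s).
SAMPLES = [
    (1_700_000_000, parse_proc_uptime("86400.00 300000.00")),
    (1_700_000_300, 86700.0),
    (1_700_000_600, 87000.0),
    (1_700_000_900, 120.0),
    (1_700_001_200, 420.0),
    (1_700_001_500, 720.0),
    (1_700_001_800, 1020.0),
    (1_700_002_100, 1320.0),
    (1_700_002_400, 1420.0),
]

if __name__ == "__main__":
    for ev in detect_uptime_anomalies(SAMPLES):
        print(f"sample {ev.index}: {ev.kind} (expected {ev.expected:.0f}s, saw {ev.observed:.0f}s)")
```

The same check works on a VM, but there a hypervisor-side change leaves no reboot at all, which is the asymmetry the comment is pointing at.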

Possible I'm just not remembering the history right, but I think this is from when "Equinix Metal" was packet.com. I think this is a handshake deal they had from before they were bought, and it's going away as packet.com becomes more integrated into Equinix.

How are VMs solving this issue? You cannot just snapshot them and migrate them to another provider. You'll get a different local IPv4 and a different IPv6, etc.

So what? They didn't BYOIP with Equinix, did they? It's trivial to update IPs in a migrated VM image.