On 2012-12-18 9:54, Matthew Miller wrote:
On Tue, Dec 18, 2012 at 09:26:25AM -0500, Andy Grimm wrote:
Since a Fedora image should still be Fedora, I can certainly live with
automatic updates if the rest of the community disagrees with me, but when
we target a new platform like the cloud I believe we ought to encourage
habits that are appropriate for it rather than encouraging old workflows
that can make managing stuff in the cloud more difficult.
+1
I think you guys are right for general package updates and bug fixes. But I
don't think cloud is anything particularly new in giving the luxury to avoid
patching vulnerabilities.
I'm not going to change anything now, but I think we need to think about how
to do this. Amazon Linux automatically applies critical security fixes, and
notifies on login of important ones. I'm not so keen on the "on login"
approach, because I think _that's_ the "old workflow".
It's harder to sell that idea for Fedora than it is for operating
systems with less churn, because security updates quickly end up getting
conflated with enhancements and other changes. That doesn't negate your
point, though. Does anyone have any useful thoughts/experiences with that?
--
Garrett Holmstrom
_______________________________________________
cloud mailing list
cloud@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/cloud
