Hi security team. I'm working on https://fedoraproject.org/wiki/Changes/VisibleCloud which proposes promoting the Fedora Cloud image on basically equal footing with the desktop download. Daniel Berrange gave the useful feedback that while installation-based distribution allows one to install updates at build time, image-based distribution means that the image must be booted to apply updates, giving a window of insecurity. (Unless careful measures are taken.) When there was a security issue with the previous Fedora image, we did do a fire-drill with an adhoc respin and pushed new images. Dan suggests that we develop (in coordination with the qa and release engineering teams) a security policy for updates to the cloud image. Is this of interest? -- Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm@xxxxxxxxxxxxxxxxx> -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
