> The security issue (50 containers -> 50 versions of openssl to patch) > also still stands — the earlier question on this list (when to expect > patched containers for a CVE affecting a library) I assume they use the default el7/el8 as a base layer, so when that is updated, you will get the updates. However redeploying tasks is not the same as just giving them a restart. > is still unreplied to[1], so these are real-life concerns. In general, I > don't know any project which ever managed to keep up with the workload > caused by the requirement to follow > all CVEs of all dependencies, informing about them and patching them, > since this is a workload comparable to the one the security teams of > Linux distributions have to handle. Indeed this is the core business of a distro that you choose. No software solution should ever make it theirs. Eg. this DCOS is just a binary blob of a centos release, from which you have no idea if it is up to date or not, I do not get why people install it. > > Cheers (and congratulations to all who made it to the end of this mail), I think your text clearly summarizes the point of view of many here. _______________________________________________ ceph-users mailing list -- ceph-users@xxxxxxx To unsubscribe send an email to ceph-users-leave@xxxxxxx
 |