On Mon, 15 Jul 2013 13:40:18 -0400 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote: > On Mon, Jul 15, 2013 at 05:05:47PM +0100, Daniel P. Berrange wrote: > > IMHO a publicised security update policy for cloud images should be > > a 'must have' prior to promoting the images as 1st class citizens > > supported by Fedora. > > That seems reasonable. I'll talk to the security team. And QA and releng? ;) I'm worried about the additional work this might cause unless we are very narrow in what requires an image update. Is it: * Security update in any package in the cloud image? or * Security update in any package in the cloud image that is 'remote' vulnerabilty? or * Security update in any exposed package with a remote vulnerability? (ie, kernel and openssh and firewalld or the like). or something else? We've never provided updated live images down the road for security issues. I understand cloud is a bit different, but we need to be clear on the scope, IMHO. kevin
Attachment:
signature.asc
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
