On 07/15/2013 12:34 PM, Daniel P. Berrange wrote:
I'm not suggesting we need to rebuild images for every update, but at a minimum, when we issue CVE / security errata that affects an image, I'd expect us to also rebuild and publish new cloud images pretty much synchronously.
Secure Boot support could benefit from image respins as well, if we ever start blacklisting kernels which threaten (our interpretation of) the Secure Boot security model. Right now, this isn't necessary because other distributions allegedly grant unrestricted ring 0 access by design, but this might change in the future.
-- Florian Weimer / Red Hat Product Security Team -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
