On Tue, 16 Jul 2013 10:55:40 +0200 Florian Weimer <fweimer@xxxxxxxxxx> wrote: > On 07/15/2013 12:34 PM, Daniel P. Berrange wrote: > > > I'm not suggesting we need to rebuild images for every update, but > > at a minimum, when we issue CVE / security errata that affects an > > image, I'd expect us to also rebuild and publish new cloud images > > pretty much synchronously. > > Secure Boot support could benefit from image respins as well, if we > ever start blacklisting kernels which threaten (our interpretation > of) the Secure Boot security model. Right now, this isn't necessary > because other distributions allegedly grant unrestricted ring 0 > access by design, but this might change in the future. If we do decide to do this, it would need releng/infra/qa/fesco buyin at least. I suspect it would also require more people stepping up in those areas to make it happen (unless we were willing to delay new releases to push out new security related images for existing releases). kevin
Attachment:
signature.asc
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
