Re: F20 System Wide Change: Visible Cloud

On 07/16/2013 06:09 PM, Kevin Fenzi wrote:
> On Tue, 16 Jul 2013 10:55:40 +0200
> Florian Weimer <fweimer@xxxxxxxxxx> wrote:
>
>> On 07/15/2013 12:34 PM, Daniel P. Berrange wrote:
>>
>>> I'm not suggesting we need to rebuild images for every update, but
>>> at a minimum, when we issue CVE / security errata that affects an
>>> image, I'd expect us to also rebuild and publish new cloud images
>>> pretty much synchronously.
>>
>> Secure Boot support could benefit from image respins as well, if we
>> ever start blacklisting kernels which threaten (our interpretation
>> of) the Secure Boot security model.  Right now, this isn't necessary
>> because other distributions allegedly grant unrestricted ring 0
>> access by design, but this might change in the future.
>
> If we do decide to do this, it would need releng/infra/qa/fesco buy-in at
> least. I suspect it would also require more people stepping up in those
> areas to make it happen (unless we were willing to delay new releases to
> push out new security related images for existing releases).

Sure, we're certainly lucky that we don't have to do this yet. It will be interesting to see which side (restrictive vs permissive mode after booting) wins in the end.

--
Florian Weimer / Red Hat Product Security Team