On 07/20/2015 02:13 PM, Dennis Gilmore wrote:
> On Monday, July 20, 2015 01:00:34 PM Josh Boyer wrote:
>> On Mon, Jul 20, 2015 at 12:39 PM, Adam Miller <maxamillion@xxxxxxxxxxxxxxxxx> wrote:
>>> There was an issue ticket filed against the Fedora Docker Base Images[0] github repo requesting that older End-Of-Life'd (EOL'd) Fedora releases be made available as docker images[1] ...
>>
>> Even if this is positioned as "archival" or "research", I think providing these after EOL is simply going to lead to further use of an EOL Fedora. That is essentially setting up those users for security exploits and a poor user experience when none of their bugs will be fixed.
>
> I agree with Josh 100% here. We should not enable people to run unsupported software.

And there's the rub---containers are about creating isolated environments for a specific integration purpose. Unfortunately, updating and patching is at cross purposes to that, so we have this creative tension :). Modern package-based systems like Fedora achieved a practical "patch early and often" setup with responsive security posture, but they are subject to creeping subsystem incompatibilities. Containers deliver integrated systems that address very well the initial requirements, but I haven't seen a good story on how they respond to dynamical security demands. So far their track record is not so good ("over 30% of official images in Docker Hub contain high priority security vulnerabilities", http://www.infoq.com/news/2015/05/Docker-Image-Vulnerabilities). I am really curious how this will play out.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct