Re: Hosting End-Of-Life Fedora Base images?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jul 20, 2015 at 1:46 PM, Przemek Klosowski
<przemek.klosowski@xxxxxxxx> wrote:
> On 07/20/2015 02:13 PM, Dennis Gilmore wrote:
>
> On Monday, July 20, 2015 01:00:34 PM Josh Boyer wrote:
>
> On Mon, Jul 20, 2015 at 12:39 PM, Adam Miller
>
> <maxamillion@xxxxxxxxxxxxxxxxx> wrote:
>
> There was an issue ticket filed against the Fedora Docker Base
> Images[0] github repo requesting that older End-Of-Life'd (EOL'd)
> Fedora releases be made available as docker images[1] ...
>
> Even if this is positioned as "archival" or "research", I think
> providing these after EOL is simply going to lead to further use of an
> EOL Fedora.  That is essentially setting up those users for security
> exploits and a poor user experience when none of their bugs will be
> fixed.
>
> I agree with Josh 100% here. we should not enable people to run unsupported
> software.
>
> And there's the rub---containers are about creating isolated environments
> for a specific integration purpose.
> Unfortunately, updating and patching is at cross purposes to that, so we
> have this creative tension :).
>
> Modern package-based systems like Fedora achieved a practical "patch early
> and often" setup with responsive security posture, but they are subject to
> creeping subsystem incompatibilities. Containers deliver integrated systems
> that address very well the initial requirements, but I haven't seen a good
> story on how they respond to dynamical security demands. So far their track
> record is not so good ( "over 30% of official images in Docker Hub contain
> high priority security vulnerabilities",
> http://www.infoq.com/news/2015/05/Docker-Image-Vulnerabilities ).
>
> I am really curious how will this play out.

I don't really want to get too far down the road of the philosophy
behind containerized environments versus "traditional" but on the
topic of security in container images, this is something that is being
worked on and one example of that is image-scanner[0].

I'm mostly interested in the general consensus behind if we should
make an effort to ship previously EOL'd Fedora releases. If you were
aiming to make an argument for or against it then my apologies and I
would like to request clarification because I misunderstood and am
unsure if you were for or against.

-AdamM

[0] - https://github.com/baude/image-scanner

>
> --
> devel mailing list
> devel@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/devel
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux