On 07/20/2015 02:52 PM, Adam Miller wrote:

I think it is a bad idea because it essentially sanctions choosing obsolete setups with unknown security and operational properties.

> On Mon, Jul 20, 2015 at 1:46 PM, Przemek Klosowski <przemek.klosowski@xxxxxxxx> wrote:
>
>> Modern package-based systems like Fedora achieved a practical "patch early and often" setup with responsive security posture, but they are subject to creeping subsystem incompatibilities. Containers deliver integrated systems that address very well the initial requirements, but I haven't seen a good story on how they respond to dynamical security demands. So far their track record is not so good ("over 30% of official images in Docker Hub contain high priority security vulnerabilities", http://www.infoq.com/news/2015/05/Docker-Image-Vulnerabilities).
>
> I'm mostly interested in the general consensus behind if we should make an effort to ship previously EOL'd Fedora releases. If you were aiming to make an argument for or against it then my apologies and I would like to request clarification because I misunderstood and am unsure if you were for or against.

I understand baking a container from fresh ingredients---yes, it'll be subject to dynamic security decay, but at least it'll be good in the beginning. In contrast, a containerized obsolete system should be basically considered shot right from the moment it was created, and then it will get worse as the time goes on. I think we should discourage this on principle.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct