On Tue, Aug 27, 2019 at 01:22 John Harris wrote: [snip] > No online updates is the exact issue I see with this. That's a security nightmare. > > If you don't have a package manager there, it simply will not be updated. > It'll be installed once, then either left there forever, un-updated, with tons > of vulnerabilities piling up. > IIUC the proposal from Christian to use rpm-ostree as a build stage to produce the runtime container, then you can still do online update, but instead of commiting the result of a dnf update, you commit a new rpm-ostree composed rootfs. Regards, -Tristan
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
