On Thu, Apr 17, 2014 at 12:24 AM, Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> wrote: > On Wed, Apr 16, 2014 at 11:23:15PM +0200, drago01 wrote: >> Since when do we do something like this? Sounds like an over reaction to me. >> Installing (security) updates is the first thing you should do after >> installing anyway and besides who decided this and when? >> What are the criteria for doing updated images? > > Right now, it's "when the security team says we should", pretty much. I am not against this change (see my mail in the other thread). But it should have a better process then "someone decides about it and do it without telling anyone about it so it gets no testing until after its done". > In this case, since so much is linked against the affected library, and > since services need to be restarted in order for the update to meaningful, I > think it's a reasonable thing to do for our users. (and people complain about offline updates ...) > For cloud, we did it previously when it was discovered that the root > password wasn't properly locked (kickstart misconfiguration). In the future > (see the change proposal), we *do* need some clear guidelines, as well as > planned-out procedures. *nod* -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
