<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 07/20/2015 02:13 PM, Dennis Gilmore
wrote:<br>
</div>
<blockquote class=" cite" id="mid_5010768_Tzu4bXtPrK_ra_ausil_us"
cite="mid:5010768.Tzu4bXtPrK@ra.ausil.us" type="cite">
<pre wrap="">On Monday, July 20, 2015 01:00:34 PM Josh Boyer wrote:
</pre>
<blockquote class=" cite" id="Cite_3043333" type="cite">
<pre wrap="">On Mon, Jul 20, 2015 at 12:39 PM, Adam Miller
<a class="moz-txt-link-rfc2396E" href="mailto:maxamillion@fedoraproject.org">&lt;maxamillion@fedoraproject.org&gt;</a> wrote:
</pre>
<blockquote class=" cite" id="Cite_7999942" type="cite">
<pre wrap="">
There was an issue ticket filed against the Fedora Docker Base
Images[0] github repo requesting that older End-Of-Life'd (EOL'd)
Fedora releases be made available as docker images[1] ...</pre>
</blockquote>
<pre wrap="">Even if this is positioned as "archival" or "research", I think
providing these after EOL is simply going to lead to further use of an
EOL Fedora. That is essentially setting up those users for security
exploits and a poor user experience when none of their bugs will be
fixed.
</pre>
</blockquote>
<pre wrap="">I agree with Josh 100% here. We should not enable people to run unsupported
software.
</pre>
</blockquote>
And there's the rub---containers are about creating isolated
environments for a specific integration purpose.<br>
Unfortunately, updating and patching is at cross purposes to that,
so we have this creative tension :).<br>
<br>
Modern package-based systems like Fedora achieved a practical "patch
early and often" setup with responsive security posture, but they
are subject to creeping subsystem incompatibilities. Containers
deliver integrated systems that address very well the initial
requirements, but I haven't seen a good story on how they respond to
dynamical security demands. So far their track record is not so good
("over 30% of official images in Docker Hub contain high priority
security vulnerabilities", <a class="moz-txt-link-freetext"
href="http://www.infoq.com/news/2015/05/Docker-Image-Vulnerabilities">http://www.infoq.com/news/2015/05/Docker-Image-Vulnerabilities</a>).<br>
<br>
I am really curious how this will play out.<br>
</body>
</html>