Hi security team. I'm working on
https://fedoraproject.org/wiki/Changes/VisibleCloud
which proposes promoting the Fedora Cloud image on basically equal footing
with the desktop download. Daniel Berrange gave the useful feedback that
while installation-based distribution allows one to install updates at build
time, image-based distribution means that the image must be booted to apply
updates, giving a window of insecurity. (Unless careful measures are taken.)
When there was a security issue with the previous Fedora image, we did do a
fire-drill with an adhoc respin and pushed new images. Dan suggests that we
develop (in coordination with the qa and release engineering teams) a
security policy for updates to the cloud image.
Is this of interest?
--
Matthew Miller ☁☁☁ Fedora Cloud Architect ☁☁☁ <mattdm(a)fedoraproject.org>