Fedora Atomic and Docker Host Image [was Re: Docker Host Image: Requirements?]

Matthew Miller mattdm at fedoraproject.org
Tue Mar 11 13:11:46 UTC 2014

On Tue, Mar 11, 2014 at 08:56:50AM -0400, Josh Boyer wrote:
> > Since isn't the only driver for the kernel work you're doing either, I
> > don't think. Another big advantage is that the modularized drivers will
> > allow us to skip out-of-schedule updates for security updates in the
> > driver package.
> Erm.. only if you manually pay attention to where the driver is for a
> particular CVE.  It's a subpackage, not a separate package.  As far as

Yes, I think that is worth doing. Let me explain more. :)

We're talking about having monthly refreshed images, with all bugfixes and
security updates and everything together. When there is a critical security
flaw in a package on the latest update, we also want to produce an
"off-cycle" one manually. If we can look at the CVE and see that the image
isn't impacted, we can skip it.

Someone then doing a yum install of the driver package on top of the image
would presumably also get the new version and base kernel update.

Matthew Miller    --   Fedora Project    --    <mattdm at fedoraproject.org>

More information about the cloud mailing list