Fedora Atomic and Docker Host Image [was Re: Docker Host Image: Requirements?]
Matthew Miller
mattdm at fedoraproject.org
Tue Mar 11 13:11:46 UTC 2014
On Tue, Mar 11, 2014 at 08:56:50AM -0400, Josh Boyer wrote:
> > Since isn't the only driver for the kernel work you're doing either, I
> > don't think. Another big advantage is that the modularized drivers will
> > allow us to skip out-of-schedule updates for security updates in the
> > driver package.
> Erm.. only if you manually pay attention to where the driver is for a
> particular CVE. It's a subpackage, not a separate package. As far as
Yes, I think that is worth doing. Let me explain more. :)
We're talking about having monthly refreshed images, with all bugfixes and
security updates and everything together. When there is a critical security
flaw in a package on the latest update, we also want to produce an
"off-cycle" one manually. If we can look at the CVE and see that the image
isn't impacted, we can skip it.
Someone then doing a yum install of the driver package on top of the image
would presumably also get the new version and base kernel update.
--
Matthew Miller -- Fedora Project -- <mattdm at fedoraproject.org>
More information about the cloud
mailing list