F20 System Wide Change: Visible Cloud
Florian Weimer
fweimer at redhat.com
Tue Jul 16 08:55:40 UTC 2013
On 07/15/2013 12:34 PM, Daniel P. Berrange wrote:
> I'm not suggesting we need to rebuild images for every update, but at a
> minimum, when we issue CVE / security errata that affects an image, I'd
> expect us to also rebuild and publish new cloud images pretty much
> synchronously.
Secure Boot support could benefit from image respins as well, if we ever
start blacklisting kernels which threaten (our interpretation of) the
Secure Boot security model. Right now, this isn't necessary because
other distributions allegedly grant unrestricted ring 0 access by
design, but this might change in the future.
--
Florian Weimer / Red Hat Product Security Team
More information about the devel
mailing list