F21 System Wide Change: (A)Periodic Updates to Images

Matthew Miller mattdm at fedoraproject.org
Tue Apr 15 16:08:34 UTC 2014

On Tue, Apr 15, 2014 at 09:07:47AM -0600, Kevin Fenzi wrote:
> Might be good to specify better what a 'severe security issue' is. 
> Perhaps "Any update rated "important" or higher on the severity scale?
> https://access.redhat.com/site/security/updates/classification/

Yeah, that needs to be worked out. If you think it needs to be worked out as
part of the initial change proposal, I will try to get on doing that. I
think it might be a little narrower than "any important" -- maybe "any
critical + any important likely to affect cloud users in common
configurations". Off the top of my head, probably would not update for local
DoS attacks (keeping in mind of course that yum update would be available.)

> Also, is the expectation that we would keep all images around forever? 
> Or only the general release and latest image would be kept available
> and the others would be removed or archived?

I think we would treat them like update RPMs on the mirrors -- older updates
time out eventually. But good question that Fedora Infrastructure could help
answer :). What *can* we keep?

Matthew Miller    --   Fedora Project    --    <mattdm at fedoraproject.org>
                                  "Tepid change for the somewhat better!"

More information about the devel mailing list