F21 System Wide Change: (A)Periodic Updates to Images

Kevin Fenzi kevin at scrye.com
Tue Apr 15 17:35:32 UTC 2014 

On Tue, 15 Apr 2014 12:08:34 -0400
Matthew Miller <mattdm at fedoraproject.org> wrote:

> On Tue, Apr 15, 2014 at 09:07:47AM -0600, Kevin Fenzi wrote:
> > Might be good to specify better what a 'severe security issue' is. 
> > 
> > Perhaps "Any update rated "important" or higher on the severity
> > scale?
> > https://access.redhat.com/site/security/updates/classification/
> 
> Yeah, that needs to be worked out. If you think it needs to be worked
> out as part of the initial change proposal, I will try to get on
> doing that. I think it might be a little narrower than "any
> important" -- maybe "any critical + any important likely to affect
> cloud users in common configurations". Off the top of my head,
> probably would not update for local DoS attacks (keeping in mind of
> course that yum update would be available.)

Sure. I don't know if it has to be decided now, but it should be before
we announce it. There should be a clear expectation, IMHO. 

> > Also, is the expectation that we would keep all images around
> > forever? Or only the general release and latest image would be kept
> > available and the others would be removed or archived?
> 
> I think we would treat them like update RPMs on the mirrors -- older
> updates time out eventually. But good question that Fedora
> Infrastructure could help answer :). What *can* we keep?

Well, we have a promise to mirrors to keep all main Fedora stuff under
1TB. I have no idea how all the f21 changes will be affecting that. 

IMHO, I would personally say we keep the GA release one always, and
then keep just the most recent update one. All older update ones move
over to the archive space, or if we are doing them in koji, they would
just be kept there and could be deleted. 

kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140415/a56a991a/attachment.sig>

More information about the devel mailing list