F21 System Wide Change: (A)Periodic Updates to Images

drago01 drago01 at gmail.com
Tue Apr 15 20:55:21 UTC 2014


On Tue, Apr 15, 2014 at 7:35 PM, Kevin Fenzi <kevin at scrye.com> wrote:
> On Tue, 15 Apr 2014 12:08:34 -0400
> Matthew Miller <mattdm at fedoraproject.org> wrote:
>
>> On Tue, Apr 15, 2014 at 09:07:47AM -0600, Kevin Fenzi wrote:
>> > Might be good to specify better what a 'severe security issue' is.
>> >
>> > Perhaps "Any update rated "important" or higher on the severity
>> > scale"?
>> > https://access.redhat.com/site/security/updates/classification/
>>
>> Yeah, that needs to be worked out. If you think it needs to be worked
>> out as part of the initial change proposal, I will try to get on
>> doing that. I think it might be a little narrower than "any
>> important" -- maybe "any critical + any important likely to affect
>> cloud users in common configurations". Off the top of my head,
>> probably would not update for local DoS attacks (keeping in mind of
>> course that yum update would be available.)
>
> Sure. I don't know if it has to be decided now, but it should be before
> we announce it. There should be a clear expectation, IMHO.
>
>> > Also, is the expectation that we would keep all images around
>> > forever? Or only the general release and latest image would be kept
>> > available and the others would be removed or archived?
>>
>> I think we would treat them like update RPMs on the mirrors -- older
>> updates time out eventually. But good question that Fedora
>> Infrastructure could help answer :). What *can* we keep?
>
> Well, we have a promise to mirrors to keep all main Fedora stuff under
> 1TB. I have no idea how all the f21 changes will be affecting that.
>
> IMHO, I would personally say we keep the GA release one always, and
> then keep just the most recent update one. All older update ones move
> over to the archive space, or if we are doing them in koji, they would
> just be kept there and could be deleted.

This would make sense for non-cloud images as well. Is there any
reason why we have to restrict that to the cloud?

