Hosting End-Of-Life Fedora Base images?

Przemek Klosowski przemek.klosowski at nist.gov
Mon Jul 20 18:46:32 UTC 2015


On 07/20/2015 02:13 PM, Dennis Gilmore wrote:
> On Monday, July 20, 2015 01:00:34 PM Josh Boyer wrote:
>> On Mon, Jul 20, 2015 at 12:39 PM, Adam Miller <maxamillion at fedoraproject.org> wrote:
>>> There was an issue ticket filed against the Fedora Docker Base
>>> Images[0] github repo requesting that older End-Of-Life'd (EOL'd)
>>> Fedora releases be made available as docker images[1] ...
>> Even if this is positioned as "archival" or "research", I think
>> providing these after EOL is simply going to lead to further use of an
>> EOL Fedora.  That is essentially setting up those users for security
>> exploits and a poor user experience when none of their bugs will be
>> fixed.
> I agree with Josh 100% here. We should not enable people to run unsupported
> software.
>
And there's the rub---containers are about creating isolated 
environments for a specific integration purpose.
Unfortunately, updating and patching is at cross purposes to that, so we 
have this creative tension :).

Modern package-based systems like Fedora achieved a practical "patch 
early and often" setup with responsive security posture, but they are 
subject to creeping subsystem incompatibilities. Containers deliver 
integrated systems that address very well the initial requirements, but 
I haven't seen a good story on how they respond to dynamical security 
demands. So far their track record is not so good ( "over 30% of 
official images in Docker Hub contain high priority security 
vulnerabilities", 
http://www.infoq.com/news/2015/05/Docker-Image-Vulnerabilities ).

I am really curious how this will play out.