Hosting End-Of-Life Fedora Base images?

Przemek Klosowski przemek.klosowski at
Mon Jul 20 19:14:42 UTC 2015

On 07/20/2015 02:52 PM, Adam Miller wrote:
> On Mon, Jul 20, 2015 at 1:46 PM, Przemek Klosowski
> <przemek.klosowski at> wrote:
>> Modern package-based systems like Fedora achieved a practical "patch early
>> and often" setup with responsive security posture, but they are subject to
>> creeping subsystem incompatibilities. Containers deliver integrated systems
>> that address very well the initial requirements, but I haven't seen a good
>> story on how they respond to dynamical security demands. So far their track
>> record is not so good ( "over 30% of official images in Docker Hub contain
>> high priority security vulnerabilities",
>> ).
> I'm mostly interested in the general consensus behind if we should
> make an effort to ship previously EOL'd Fedora releases. If you were
> aiming to make an argument for or against it then my apologies and I
> would like to request clarification because I misunderstood and am
> unsure if you were for or against.
I think it is a bad idea because it essentially sanctions choosing 
obsolete setups with unknown security and operational properties.
I understand baking a container from fresh ingredients---yes, it'll be 
subject to dynamic security decay, but at least it'll be good in the 

In contrast, a containerized obsolete system should be basically 
considered shot right from the moment it was created, and then it will 
get worse as the time goes on.

I think we should discourage this on principle.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the devel mailing list