cloud image updates (for f20 and beyond)

Josh Bressers bressers at redhat.com
Tue Jul 16 03:16:02 UTC 2013



----- Original Message -----
> Hi security team. I'm working on
> 
>   https://fedoraproject.org/wiki/Changes/VisibleCloud
> 
> which proposes promoting the Fedora Cloud image on basically equal footing
> with the desktop download. Daniel Berrange gave the useful feedback that
> while installation-based distribution allows one to install updates at build
> time, image-based distribution means that the image must be booted to apply
> updates, giving a window of insecurity. (Unless careful measures are taken.)
> 
> When there was a security issue with the previous Fedora image, we did do a
> fire-drill with an ad hoc respin and pushed new images. Dan suggests that we
> develop (in coordination with the QA and release engineering teams) a
> security policy for updates to the cloud image.
> 
> Is this of interest?
> 

I think this is of great interest to us. It's a whole new way of thinking
about the distribution. New concepts like this always bring new challenges.

So needing to respin images is almost certainly going to happen. I suspect
there isn't going to be an easy way to define what that is though. Some
people might care about local root issues; remote root is obviously bad no
matter what. What about system level denial of service? The attack surface
potential here is going to be REALLY high. Our challenge will be to think
of this not as a normal distribution, but as a cloud image (which I'm
currently not doing in my head).

I'm unsure what I think about the concern with needing to boot an image to
apply updates. This is true of a fresh install, no? This update problem will
be dictated by what's running on an image at boot time.

Anyhow, I think this is a good conversation opener. If anyone has any ideas
about what we should be worried about, thinking about, or if you have a
clever idea, let us know.

Thanks Matthew.

-- 
    JB

