new f19/f20 images

Wed Apr 16 22:24:06 UTC 2014

On Wed, Apr 16, 2014 at 11:23:15PM +0200, drago01 wrote:
> Since when do we do something like this? Sounds like an over reaction to me.
> Installing (security) updates is the first thing you should do after
> installing anyway and besides who decided this and when?
> What are the criteria for doing updated images?

Right now, it's "when the security team says we should", pretty much.

In this case, since so much is linked against the affected library, and
since services need to be restarted in order for the update to meaningful, I
think it's a reasonable thing to do for our users.

For cloud, we did it previously when it was discovered that the root
password wasn't properly locked (kickstart misconfiguration). In the future
(see the change proposal), we *do* need some clear guidelines, as well as
planned-out procedures.

-- 
Matthew Miller    --   Fedora Project    --    <mattdm at fedoraproject.org>
                                  "Tepid change for the somewhat better!"