[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian images on Microsoft Azure cloud



[ Apologies for delayed responses - massively busy in the last week
  ... ]

On Thu, Nov 12, 2015 at 10:04:19PM +0100, Thomas Goirand wrote:
>On 11/12/2015 07:58 PM, Bastian Blank wrote:
>
>> Also none of the built stuff is updated regulary with security
>> fixes.
>
>If you think we should do more regular updates of the cloud images (ie:
>more often than the point releases), then we can discuss this with
>Steve. The shellshock and heartbleed holes for examples, were very valid
>cases were an update of these images would have been desirable.
>
>It would be a very good idea to trigger builds if there's a DSA on a
>package included in the image. I don't think it'd be too hard to implement.
>
>Steve, your thoughts on this specific problem?

That's a very good question, and one I'll admit that I'd not paid much
attention to. Unless the images are set up to auto-update at boot (is
that a sensible thing? Do any of the published images do this?), we
should definitely be updating/replacing our official images
regularly. So... Should we just get into the habit of doing a rebuild
once weekly/monthly? If you'd rather trigger on security bugs, a cron
script to check the list of included packages for updates will be
needed.

If we want truly responsive builds in that latter case, then we'll
possibly need to change the signing that happens too. The existing
debian-cd signatures are done by hand for the stable builds.

-- 
Steve McIntyre, Cambridge, UK.                                steve@einval.com
You lock the door
And throw away the key
There's someone in my head but it's not me 


Reply to: