[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Deprecating AMIs for: 6.0.6, 7.1 (pre-ECC hostkey fix)



On 9 July 2013 14:03, Brian Gupta <brian.gupta@brandorr.com> wrote:
> On Fri, Jul 5, 2013 at 12:43 AM, James Bromberger <james@rcpt.to> wrote:
>> Hello all,
>>
>> I am proposing to remove the following deprecated Debian AMIs:
>>
>> Debian Squeeze (base install AMI) 6.0.6, 32 and 64 bit (PVM EBS Root). This
>> is superseded by 6.0.7 which we will keep available as the latest release
>> from the 6.x.
>> Debian Wheezy 7.1 (base install AMI) 32 and 64 bit (PVM EBS Root). This is
>> superseded by 7.1a with the ECC fix (as of today).
>>
>> I propose to remove public visibility of these AMIs on 22 July 2013 from the
>> Debian AWS account's AMIs. Please contact me if you are currently using
>> these specific AMIs in any Regions from the Debian AWS Account. All user
>> Launch Configurations (as used by AutoScale) and CloudFormation templates
>> should be updated to reference the newer 6.07 or 7.1a AMIs prior to this
>> date. I will wait at least a week after 22nd July before removing these AMIs
>> completely.
>>
>> This leaves me with a question over the 7.0 release (which will have the
>> same ECC vulnerability). Should we deprecate (and remove) this? Feedback
>> required! ;)
>
> As much as I would greatly prefer that we don't deprecate AMIs this
> quickly, I suspect that this vulnerability is reason to make an
> exception.
>
> If it's not to much work to publish new 7.0 images that largely
> contain the same package versions, I think we should consider it. That
> said, I don't feel that strongly about it, as things are gonna break
> no matter what for those who have automation build around the old
> AMIs. This just leaves folks who have qualified on the 7.0 images and
> package versions, and I am not sure how many people have done so.  (I
> am guessing this is a very small contingent, if any.)
>
> If we wanted to just deprecate them without a replacement, I think
> that wouldn't be the end of the world either. (Unfortunately there
> isn't a way to keep the old AMI IDs and replace them with updated 7.0
> images. If there was, that would be what I would suggest.)
>
> -Brian
>
>> Thanks all,
>>   James
>> --
>> Mobile: +61 422 166 708, Email: james_AT_rcpt.to
>
>
> --
> To UNSUBSCRIBE, email to debian-cloud-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: CACFaiRwObVTk0nZMwvzkefrJJ-EBkj4VpPXd0bU-Mfq7m5y6dQ@mail.gmail.com">http://lists.debian.org/CACFaiRwObVTk0nZMwvzkefrJJ-EBkj4VpPXd0bU-Mfq7m5y6dQ@mail.gmail.com
>

There is no need to deprecate the squeeze AMIs, they do not have an
ECDSA hostkey.


Reply to: