Re: Deprecating AMIs for: 6.0.6, 7.1 (pre-ECC hostkey fix)

To: James Bromberger <james@rcpt.to>
Cc: debian-cloud <debian-cloud@lists.debian.org>
Subject: Re: Deprecating AMIs for: 6.0.6, 7.1 (pre-ECC hostkey fix)
From: Brian Gupta <brian.gupta@brandorr.com>
Date: Tue, 9 Jul 2013 08:03:56 -0400
Message-id: <[🔎] CACFaiRwObVTk0nZMwvzkefrJJ-EBkj4VpPXd0bU-Mfq7m5y6dQ@mail.gmail.com>
In-reply-to: <[🔎] 51D64EF5.7040103@rcpt.to>
References: <[🔎] 51D64EF5.7040103@rcpt.to>

On Fri, Jul 5, 2013 at 12:43 AM, James Bromberger <james@rcpt.to> wrote:
> Hello all,
>
> I am proposing to remove the following deprecated Debian AMIs:
>
> Debian Squeeze (base install AMI) 6.0.6, 32 and 64 bit (PVM EBS Root). This
> is superseded by 6.0.7 which we will keep available as the latest release
> from the 6.x.
> Debian Wheezy 7.1 (base install AMI) 32 and 64 bit (PVM EBS Root). This is
> superseded by 7.1a with the ECC fix (as of today).
>
> I propose to remove public visibility of these AMIs on 22 July 2013 from the
> Debian AWS account's AMIs. Please contact me if you are currently using
> these specific AMIs in any Regions from the Debian AWS Account. All user
> Launch Configurations (as used by AutoScale) and CloudFormation templates
> should be updated to reference the newer 6.07 or 7.1a AMIs prior to this
> date. I will wait at least a week after 22nd July before removing these AMIs
> completely.
>
> This leaves me with a question over the 7.0 release (which will have the
> same ECC vulnerability). Should we deprecate (and remove) this? Feedback
> required! ;)

As much as I would greatly prefer that we don't deprecate AMIs this
quickly, I suspect that this vulnerability is reason to make an
exception.

If it's not to much work to publish new 7.0 images that largely
contain the same package versions, I think we should consider it. That
said, I don't feel that strongly about it, as things are gonna break
no matter what for those who have automation build around the old
AMIs. This just leaves folks who have qualified on the 7.0 images and
package versions, and I am not sure how many people have done so.  (I
am guessing this is a very small contingent, if any.)

If we wanted to just deprecate them without a replacement, I think
that wouldn't be the end of the world either. (Unfortunately there
isn't a way to keep the old AMI IDs and replace them with updated 7.0
images. If there was, that would be what I would suggest.)

-Brian

> Thanks all,
>   James
> --
> Mobile: +61 422 166 708, Email: james_AT_rcpt.to

Reply to:

Follow-Ups:
- Re: Deprecating AMIs for: 6.0.6, 7.1 (pre-ECC hostkey fix)
  - From: Anders Ingemann <anders@ingemann.de>
- Re: Deprecating AMIs for: 6.0.6, 7.1 (pre-ECC hostkey fix)
  - From: James Bromberger <james@rcpt.to>

References:
- Deprecating AMIs for: 6.0.6, 7.1 (pre-ECC hostkey fix)
  - From: James Bromberger <james@rcpt.to>

Prev by Date: Re: build-debian-cloud python version preview
Next by Date: Re: Deprecating AMIs for: 6.0.6, 7.1 (pre-ECC hostkey fix)
Previous by thread: Deprecating AMIs for: 6.0.6, 7.1 (pre-ECC hostkey fix)
Next by thread: Re: Deprecating AMIs for: 6.0.6, 7.1 (pre-ECC hostkey fix)
Index(es):
- Date
- Thread