Re: Proposed automatic update of packages in default GCE image; was "Re: Updating images on GCE to address CVE-2014-0160"
Le Fri, Apr 11, 2014 at 10:30:13AM -0700, Tyler Riddle a écrit :
> 2) Debian is the universal operating system. Debian Stable doesn't change.
> The Debian cloud images have been anything but stable. What is being released
> as Debian/Wheezy cloud images is forming into a Debian derivative with a far
> faster release cycle than anyone who is familiar with Debian Stable would be
> expecting yet the labeling is still Debian.
I think that there is at least a “broad consensus” that Debian cloud images
should not behave differently than standard Debian installations. However, I
think that most if not all cloud images developed here are still in testing
phase, even if they can be quite usable and even if they are based on Debian
stable. Thus, the fast release cycle is not a design goal, it only reflects
the state of our cloud projects in general.
More directly on the question of applying directly security updates or not: I
think that the simplest is to let users implement it at boot time with tools
such as cloud-init. And of course, we have to document how to do, and explain
why and when it is most important.
Have a nice week-end,
Tsurumi, Kanagawa, Japan