On Sun, Oct 14, 2018 at 10:53:19AM -0700, Noah Meyerhans wrote: > I've submitted requests to the AWS Marketplace to remove our Jessie > listings. They haven't yet acted on these requests, but they should do > so in the coming week. It sounds like the removal of the jessie listings has taken effect, and this is apparently causing some pain for users. The AWS Marketplace team has reached out to be to relay that they've been contacted by multiple customers who are still relying on the jessie and are confused by their disappearance. It seems that a good number of them are aware of LTS and are expecting to make use of it. I wonder if it might be worth it to continue to list the jessie images? I also wonder if it might be worth it to update them with the 4.9 kernel from LTS security? It's necessary for full KPTI, and thus the most complete mitigations for the spectre/meltdown bugs, etc. As I understand the concerns raised at the cloud sprint, most of them were around the kernel. If the LTS team is keeping 4.9 fresh in jessie, these concerns may be addressed. As it is, a freshly booted instance of the latest published jessie AMI has >100 outstanding package updates, so some kind of update is definitely warranted if we're going to keep publishing them. I don't mind doing this work, but these AMIs were created by jeb using bootstrap-vz, and I don't know how that works or where the configuration for them lives. What do people think? Does anybody have particularly strong objections to putting the AWS Marketplace listing for jessie back up? I think we may have been hasty with the EOL of the jessie images, at least on AWS. noah
Attachment:
signature.asc
Description: PGP signature