Re: Security updates
Hi Tobias,
On Fri, Apr 05, 2019 at 06:22:47PM +0200, Tobias Koeck wrote:
> I want to use the Debian Stretch AMI to use as an image for Kubernetes /
> Kops base. As I have seen there are some updates with the image
> [1]https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch
> - Do you implement all updates which are also included in the normal ISO
> package release?
In general, the images are updated whenever a bundled package is updated
that requires a reboot in order to apply definitively. Kernel, glibc,
and openssl changes almost always fall under this category.
(Note that there's a pending kernel update on the published AMIs today,
but it fixes a boot issue on 32-bit ARM systems, and nothing else, so I
have not updated the AMIs to include it.)
> - How long does it take to implement the security patches until it is in
> the AMI?
> - What happens with a critical security patch? Will it be implemented
> immediately in the AMI?
Typically AMIs are updated on the same day that a security update is
available. In practice, until we have more automation in place for
performing AMI releases (which is a WIP), I'm the only one performing
updates, so my unavailability could delay publication.
> - Is the Unattended Upgrade activated in the AMI?
yes
noah
Reply to: