The plan for merging CoreOS into Red Hat
The plan for merging CoreOS into Red Hat
Posted May 15, 2018 9:21 UTC (Tue) by nim-nim (subscriber, #34454)In reply to: The plan for merging CoreOS into Red Hat by nevyn
Parent article: The plan for merging CoreOS into Red Hat
The container + private copy thing means you can avoid dealing with code changes in the code of those other projects.
But avoiding dealing with code changes also means avoiding propagating fixes.
Posted May 15, 2018 12:31 UTC (Tue)
by liw (subscriber, #6379)
[Link] (1 responses)
In other words, I agree with nim-nim on embedding code copies on containers. We have a problem and we need to solve it.
The same problem occurs in other contexts as well, when embedding dependencies are used. There's a clear need for a solution to this problem that makes sure security fixes, and other fixes to sufficiently grave bugs, get smoothly and swiftly and securely distributed to all the embedded copies.
In a way it's similar to what distributions like Debian do for their stable releases: packaged software is not updated to every new upstream version, fixes are backported to the versions in the stable release. I fear the way Debian does this is highly labour intensive, and probably doesn't scale.
Note that technical solutions are not enough. There is also a need for the software developers, sysadmins, and users to understand the issues, and to use whatever solutions there are.
I don't have the solution, but I do see the problem.
Posted May 15, 2018 23:29 UTC (Tue)
by pabs (subscriber, #43278)
[Link]
The Debian security team has automated some aspects of their patch backporting:
The plan for merging CoreOS into Red Hat
The plan for merging CoreOS into Red Hat