[
https://issues.apache.org/jira/browse/DAFFODIL-2714?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mike Beckerle updated DAFFODIL-2714:
------------------------------------
Priority: Minor (was: Major)
> Release candidate container does not support security updates
> -------------------------------------------------------------
>
> Key: DAFFODIL-2714
> URL: https://issues.apache.org/jira/browse/DAFFODIL-2714
> Project: Daffodil
> Issue Type: Bug
> Components: Infrastructure
> Reporter: Steve Lawrence
> Priority: Minor
>
> Commit 660188266aa171ac536d1182486fabf411dc18be modified the release
> candidate container to not install any packages from the "Fedora Updates".
> The goal was to ensure no matter when you built, you would get the exact same
> packages, which improves reproducability and lessens the chance for the build
> to break if Fedora updates a package.
> However, this means that the container does not receive any security updates
> as well. While it's unlikely security issues could affect the build since all
> code run in the container is trusted, we should come up with a way to ensure
> security updates are applied, preferably without requiring that someone
> delete and rebuild the entire container for every release.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
