Hi Tobias, On Fri, Apr 05, 2019 at 06:22:47PM +0200, Tobias Koeck wrote: > I want to use the Debian Stretch AMI to use as an image for Kubernetes / > Kops base. As I have seen there are some updates with the image > [1]https://wiki.debian.org/Cloud/AmazonEC2Image/Stretch > - Do you implement all updates which are also included in the normal ISO > package release?
In general, the images are updated whenever a bundled package is updated that requires a reboot in order to apply definitively. Kernel, glibc, and openssl changes almost always fall under this category. (Note that there's a pending kernel update on the published AMIs today, but it fixes a boot issue on 32-bit ARM systems, and nothing else, so I have not updated the AMIs to include it.) > - How long does it take to implement the security patches until it is in > the AMI? > - What happens with a critical security patch? Will it be implemented > immediately in the AMI? Typically AMIs are updated on the same day that a security update is available. In practice, until we have more automation in place for performing AMI releases (which is a WIP), I'm the only one performing updates, so my unavailability could delay publication. > - Is the Unattended Upgrade activated in the AMI? yes noah
