Re: F21 System Wide Change: (A)Periodic Updates to Images
On Tue, 2014-04-15 at 22:58 +0200, drago01 wrote: On Tue, Apr 15, 2014 at 10:53 PM, Bruno Wolff III br...@wolff.to wrote: On Tue, Apr 15, 2014 at 22:55:21 +0200, drago01 drag...@gmail.com wrote: This would make sense for non cloud images as well. Is there any reason why we have to restrict that to the cloud? QA resource limits. The gold image remains in place ... so we have it as a fallback. It's still an extremely bad experience to find that Fedora provides an 'official!' updated release image, try and use it, and find it's broken. Even if you can 'fall back' to the original image, it doesn't give you a great impression of Fedora. (Neither, it's true, does finding the initial image doesn't work for you and there isn't an updated one, but I think we do a reasonable job of avoiding that happening too much, and we do have the updates.img mechanism for more targeted handling of such cases). It's also not just QA resources, it's support resources. Now anyone doing Fedora support has a new question to ask anyone who has an install problem: are you using the original release or one of the new ones?, and the corresponding more complex tree of possible bugs to consider. There's a significant value in knowing, when someone says I'm trying to install Fedora 20, what exactly it *is* they're trying to install. We already have to consider whether they're doing live or non-live and what arch they're on, in some cases, but adding a whole extra multiplying factor to that wouldn't do anyone any favours. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F21 System Wide Change: (A)Periodic Updates to Images
On Sat, May 10, 2014 at 07:38:29PM +0100, Peter Robinson wrote: Somewhere to start, mostly. I'd love to see it extend across the project. It would be very useful for ARM images too. Cool. Maybe we could get some of the ARM people working with the cloud SIG to come up with the initial plan? See https://fedorahosted.org/cloud/ticket/51 -- Matthew Miller-- Fedora Project--mat...@fedoraproject.org Tepid change for the somewhat better! -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F21 System Wide Change: (A)Periodic Updates to Images
On Mon, May 12, 2014 at 1:41 PM, Matthew Miller mat...@fedoraproject.org wrote: On Sat, May 10, 2014 at 07:38:29PM +0100, Peter Robinson wrote: Somewhere to start, mostly. I'd love to see it extend across the project. It would be very useful for ARM images too. Cool. Maybe we could get some of the ARM people working with the cloud SIG to come up with the initial plan? See https://fedorahosted.org/cloud/ticket/51 Will take a look, thanks for the heads up. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F21 System Wide Change: (A)Periodic Updates to Images
On Tue, Apr 15, 2014 at 10:15 PM, Matthew Miller mat...@fedoraproject.org wrote: On Tue, Apr 15, 2014 at 10:55:21PM +0200, drago01 wrote: This would make sense for non cloud images as well. Is there any reason why we have to restrict that to the cloud? Somewhere to start, mostly. I'd love to see it extend across the project. It would be very useful for ARM images too. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F21 System Wide Change: (A)Periodic Updates to Images
On Thu, 10 Apr 2014 16:19:37 +0200 Jaroslav Reznik jrez...@redhat.com wrote: ...snip... We need to be able to produce official updates to the Fedora Cloud images. Initially, we plan to release these updates monthly, but also need the ability to release an out-of-cycle update in the event of a severe security issue. ..snip... Might be good to specify better what a 'severe security issue' is. Perhaps Any update rated important or higher on the severity scale? https://access.redhat.com/site/security/updates/classification/ Also, is the expectation that we would keep all images around forever? Or only the general release and latest image would be kept available and the others would be removed or archived? kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F21 System Wide Change: (A)Periodic Updates to Images
On Tue, Apr 15, 2014 at 09:07:47AM -0600, Kevin Fenzi wrote: Might be good to specify better what a 'severe security issue' is. Perhaps Any update rated important or higher on the severity scale? https://access.redhat.com/site/security/updates/classification/ Yeah, that needs to be worked out. If you think it needs to be worked out as part of the initial change proposal, I will try to get on doing that. I think it might be a little narrower than any important -- maybe any critical + any important likely to affect cloud users in common configurations. Off the top of my head, probably would not update for local DoS attacks (keeping in mind of course that yum update would be available.) Also, is the expectation that we would keep all images around forever? Or only the general release and latest image would be kept available and the others would be removed or archived? I think we would treat them like update RPMs on the mirrors -- older updates time out eventually. But good question that Fedora Infrastructure could help answer :). What *can* we keep? -- Matthew Miller-- Fedora Project--mat...@fedoraproject.org Tepid change for the somewhat better! -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F21 System Wide Change: (A)Periodic Updates to Images
On Tue, 15 Apr 2014 12:08:34 -0400 Matthew Miller mat...@fedoraproject.org wrote: On Tue, Apr 15, 2014 at 09:07:47AM -0600, Kevin Fenzi wrote: Might be good to specify better what a 'severe security issue' is. Perhaps Any update rated important or higher on the severity scale? https://access.redhat.com/site/security/updates/classification/ Yeah, that needs to be worked out. If you think it needs to be worked out as part of the initial change proposal, I will try to get on doing that. I think it might be a little narrower than any important -- maybe any critical + any important likely to affect cloud users in common configurations. Off the top of my head, probably would not update for local DoS attacks (keeping in mind of course that yum update would be available.) Sure. I don't know if it has to be decided now, but it should be before we announce it. There should be a clear expectation, IMHO. Also, is the expectation that we would keep all images around forever? Or only the general release and latest image would be kept available and the others would be removed or archived? I think we would treat them like update RPMs on the mirrors -- older updates time out eventually. But good question that Fedora Infrastructure could help answer :). What *can* we keep? Well, we have a promise to mirrors to keep all main Fedora stuff under 1TB. I have no idea how all the f21 changes will be affecting that. IMHO, I would personally say we keep the GA release one always, and then keep just the most recent update one. All older update ones move over to the archive space, or if we are doing them in koji, they would just be kept there and could be deleted. kevin signature.asc Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F21 System Wide Change: (A)Periodic Updates to Images
On Tue, Apr 15, 2014 at 7:35 PM, Kevin Fenzi ke...@scrye.com wrote: On Tue, 15 Apr 2014 12:08:34 -0400 Matthew Miller mat...@fedoraproject.org wrote: On Tue, Apr 15, 2014 at 09:07:47AM -0600, Kevin Fenzi wrote: Might be good to specify better what a 'severe security issue' is. Perhaps Any update rated important or higher on the severity scale? https://access.redhat.com/site/security/updates/classification/ Yeah, that needs to be worked out. If you think it needs to be worked out as part of the initial change proposal, I will try to get on doing that. I think it might be a little narrower than any important -- maybe any critical + any important likely to affect cloud users in common configurations. Off the top of my head, probably would not update for local DoS attacks (keeping in mind of course that yum update would be available.) Sure. I don't know if it has to be decided now, but it should be before we announce it. There should be a clear expectation, IMHO. Also, is the expectation that we would keep all images around forever? Or only the general release and latest image would be kept available and the others would be removed or archived? I think we would treat them like update RPMs on the mirrors -- older updates time out eventually. But good question that Fedora Infrastructure could help answer :). What *can* we keep? Well, we have a promise to mirrors to keep all main Fedora stuff under 1TB. I have no idea how all the f21 changes will be affecting that. IMHO, I would personally say we keep the GA release one always, and then keep just the most recent update one. All older update ones move over to the archive space, or if we are doing them in koji, they would just be kept there and could be deleted. This would make sense for non cloud images as well. Is there any reason why we have to restrict that to the cloud? -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F21 System Wide Change: (A)Periodic Updates to Images
On Tue, Apr 15, 2014 at 22:55:21 +0200, drago01 drag...@gmail.com wrote: This would make sense for non cloud images as well. Is there any reason why we have to restrict that to the cloud? QA resource limits. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F21 System Wide Change: (A)Periodic Updates to Images
On Tue, Apr 15, 2014 at 10:53 PM, Bruno Wolff III br...@wolff.to wrote: On Tue, Apr 15, 2014 at 22:55:21 +0200, drago01 drag...@gmail.com wrote: This would make sense for non cloud images as well. Is there any reason why we have to restrict that to the cloud? QA resource limits. The gold image remains in place ... so we have it as a fallback. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F21 System Wide Change: (A)Periodic Updates to Images
On Tue, Apr 15, 2014 at 10:55:21PM +0200, drago01 wrote: This would make sense for non cloud images as well. Is there any reason why we have to restrict that to the cloud? Somewhere to start, mostly. I'd love to see it extend across the project. -- Matthew Miller-- Fedora Project--mat...@fedoraproject.org Tepid change for the somewhat better! -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
F21 System Wide Change: (A)Periodic Updates to Images
= Proposed System Wide Change: (A)Periodic Updates to Images = https://fedoraproject.org/wiki/Changes/%28A%29Periodic_Updates_to_Images Change owner(s): Cloud WG collectively, with Matthew Miller mat...@fedoraproject.org as point of contact Responsible WG: Cloud We want to be able to release updated images not just at release time. Hope for a one-month regular cadence, plus emergency updates if needed. == Detailed Description == We need to be able to produce official updates to the Fedora Cloud images. Initially, we plan to release these updates monthly, but also need the ability to release an out-of-cycle update in the event of a severe security issue. This involves: 1. policy for level of security issue required for out-of-cycle updates 2. procedure for notification of security updates in images (as with rpm updates) 3. automated QA (at least smoketests) 4. documentation of QA expectations 5. release engineering process 6. mirroring of updated images 7. updates to web site for new download links and EC2 AMI IDs. Note that this will apply to the Cloud Base Image, the Docker Host Image, the Big Data Image, and the Docker Container Base Image. (The latter may need separate handling.) Ultimately, we would like to produce updates whenever a package on the image or the kickstart file for the image changes. This is a step towards that goal. == Scope == * Proposal owners: Create policies and procedures as outlined above. Will also assist with changes to release engineering. * Other developers: Contributions welcome! * Release engineering: Significant impact, obviously. Cloud WG will interact heavily with Release Engineering and work in concert. * Policies and guidelines: No changes to existing policies. ___ devel-announce mailing list devel-annou...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel-announce -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F21 System Wide Change: (A)Periodic Updates to Images
On Thu, Apr 10, 2014 at 16:19:37 +0200, Jaroslav Reznik jrez...@redhat.com wrote: = Proposed System Wide Change: (A)Periodic Updates to Images = https://fedoraproject.org/wiki/Changes/%28A%29Periodic_Updates_to_Images Is this perodic updates to just cloud images? If so the title of the change should probably reflect that. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: F21 System Wide Change: (A)Periodic Updates to Images
On Thu, Apr 10, 2014 at 10:51:46AM -0500, Bruno Wolff III wrote: = Proposed System Wide Change: (A)Periodic Updates to Images = https://fedoraproject.org/wiki/Changes/%28A%29Periodic_Updates_to_Images Is this perodic updates to just cloud images? If so the title of the change should probably reflect that. Yes, that's the proposal. If anyone wants to take it wider than that, I haven't heard. -- Matthew Miller-- Fedora Project--mat...@fedoraproject.org Tepid change for the somewhat better! -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
F21 System Wide Change: (A)Periodic Updates to Images
= Proposed System Wide Change: (A)Periodic Updates to Images = https://fedoraproject.org/wiki/Changes/%28A%29Periodic_Updates_to_Images Change owner(s): Cloud WG collectively, with Matthew Miller mat...@fedoraproject.org as point of contact Responsible WG: Cloud We want to be able to release updated images not just at release time. Hope for a one-month regular cadence, plus emergency updates if needed. == Detailed Description == We need to be able to produce official updates to the Fedora Cloud images. Initially, we plan to release these updates monthly, but also need the ability to release an out-of-cycle update in the event of a severe security issue. This involves: 1. policy for level of security issue required for out-of-cycle updates 2. procedure for notification of security updates in images (as with rpm updates) 3. automated QA (at least smoketests) 4. documentation of QA expectations 5. release engineering process 6. mirroring of updated images 7. updates to web site for new download links and EC2 AMI IDs. Note that this will apply to the Cloud Base Image, the Docker Host Image, the Big Data Image, and the Docker Container Base Image. (The latter may need separate handling.) Ultimately, we would like to produce updates whenever a package on the image or the kickstart file for the image changes. This is a step towards that goal. == Scope == * Proposal owners: Create policies and procedures as outlined above. Will also assist with changes to release engineering. * Other developers: Contributions welcome! * Release engineering: Significant impact, obviously. Cloud WG will interact heavily with Release Engineering and work in concert. * Policies and guidelines: No changes to existing policies. ___ devel-announce mailing list devel-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel-announce
