[Ci-users] Ansible Update from 1.9.6 -> 2.X
Laurentiu Pancescu
lpancescu at gmail.com
Wed Feb 1 16:32:28 UTC 2017
On 01/02/17 17:03, Brian Stinson wrote:
> On Feb 01 15:22, Laurentiu Pancescu wrote:
>> Since Fedora already makes the effort to provide the current Ansible
>> releases in EPEL, it would be a pity not to take advantage of that.
>
> We're planning to track what's going through CBS, which isn't
> necessarily the same lifecycle as EPEL
>
> The PaaS SIG is releasing:
> http://cbs.centos.org/koji/buildinfo?buildID=14071
From a quick look at the changelog, that particular CBS build is
missing the security fixes from 2.2.1.0 (CVE-2016-9587, CVE-2016-8647,
CVE-2016-9587 and CVE-2016-8647). I understand that we'd probably like
to have full control over when a version upgrade takes place (not to
break things), but we'd need to backport the security fixes. Or isn't
security an issue since cico is an isolated environment?
The main reason behind my proposal to adopt whatever Fedora packages was
to get security fixes from the security team that handles EPEL and
Fedora. For me, it's still unclear how fast are security fixes landing
in SIG-provided packages.
But that's certainly your decision to make, I'm fine with it either way. :)
More information about the Ci-users
mailing list