Mailinglist Archive: opensuse-factory (297 mails)
| < Previous | Next > |
Re: [opensuse-factory] Making the basesystem smaller
- From: Klaus Kaempf <kkaempf@xxxxxxx>
- Date: Thu, 18 Jan 2007 17:39:53 +0100
- Message-id: <20070118163953.GC2573@xxxxxxxxxxxxx>
* Gerd Hoffmann <kraxel@xxxxxxx> [Jan 18. 2007 17:14]:
>
> Inside. Outside implies downtime.
Inside has the risk of breaking your system if an update is broken.
Outside does not necessarily mean a long downtime. Imagine the
following.
- create a copy of the virtual image
- loopback mount it
- apply updates
- run this patched image in a controlled environment
to verify the correctness of the update.
- take the original image down
- boot the updated image
It still has a downtime larger than a simple application restart.
> Or do you install security updates
> on real hardware by booting the rescue system, mounting disk and
> installing them?
Basically yes, for virtual images. Enterprise customers are asking
for this capability as described above.
>
> > But even for these environments, you probably need a minimal set
> > of packages like glibc, bash, etc. The question is, shouldn't this
> > minimal set be the 'very minimal base' (:-)) pattern ?
>
> Hmm, maybe we need two then? One "boot to bash prompt" and one
> "rescue-system like, with network and zypper"?
Yes. The latter one could simply depend on the first one.
Klaus
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
>
> Inside. Outside implies downtime.
Inside has the risk of breaking your system if an update is broken.
Outside does not necessarily mean a long downtime. Imagine the
following.
- create a copy of the virtual image
- loopback mount it
- apply updates
- run this patched image in a controlled environment
to verify the correctness of the update.
- take the original image down
- boot the updated image
It still has a downtime larger than a simple application restart.
> Or do you install security updates
> on real hardware by booting the rescue system, mounting disk and
> installing them?
Basically yes, for virtual images. Enterprise customers are asking
for this capability as described above.
>
> > But even for these environments, you probably need a minimal set
> > of packages like glibc, bash, etc. The question is, shouldn't this
> > minimal set be the 'very minimal base' (:-)) pattern ?
>
> Hmm, maybe we need two then? One "boot to bash prompt" and one
> "rescue-system like, with network and zypper"?
Yes. The latter one could simply depend on the first one.
Klaus
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx
| < Previous | Next > |