You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Given that Ubuntu's policy is to only provide "Best effort" updates to packages outside of the "Main" repository we should consider removing as many as possible from the Noble stemcell so that we don't end up with unpatched CVEs late in the stemcell lifecycle[1]. See this article on Ubuntu's ESM for more context.
Currently on Jammy the packages not in the "Main" repository are:
[1] The traceroute package, in the "Universe" repository, has a reported CVE which is not patched even though Jammy is still within its LTS support window.
The text was updated successfully, but these errors were encountered:
I like the idea to cleanup the stemcell a little bit. If we invest in such a feature, we should maybe also think about removing packages that we don't need for bosh/cf-deployment universe...
For example:
eject ( cd-rom support)
ubuntu-advantage-tools ( we will not enable ubuntu pro in the community stemcells )
resolvconf is already be replaced with systemd-resolved
runit (which is used to start the agent can be migrated to use systemd)
don't know why grub 2 is in this list..
all the the clang and libs are all dependencies. so i don't think these can be removed.
Given that Ubuntu's policy is to only provide "Best effort" updates to packages outside of the "Main" repository we should consider removing as many as possible from the Noble stemcell so that we don't end up with unpatched CVEs late in the stemcell lifecycle[1]. See this article on Ubuntu's ESM for more context.
Currently on Jammy the packages not in the "Main" repository are:
[1] The
traceroute
package, in the "Universe" repository, has a reported CVE which is not patched even though Jammy is still within its LTS support window.The text was updated successfully, but these errors were encountered: