Consider removing any packages from Noble that are not in Ubuntu's "Main" repository #328
Comments
I like the idea to clean up the stemcell a little bit. If we invest in such a feature, we should maybe also think about removing packages that we don't need for bosh/cf-deployment universe...
ifupdown is going to be the biggest change
eject is used by the agent: https://github.com/cloudfoundry/bosh-agent/blob/main/platform/cdrom/linux_cdrom.go
resolvconf is already replaced with systemd-resolved
as we move to iptables we could also remove this.
@ramonskie what do you mean with this? Did you forget to add the link?
Given that Ubuntu's policy is to only provide "Best effort" updates to packages outside of the "Main" repository we should consider removing as many as possible from the Noble stemcell so that we don't end up with unpatched CVEs late in the stemcell lifecycle[1]. See this article on Ubuntu's ESM for more context.
Currently on Jammy the packages not in the "Main" repository are:
[1] The traceroute package, in the "Universe" repository, has a reported CVE which is not patched even though Jammy is still within its LTS support window.
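One way to produce such a list on a running stemcell, as an added example that is not part of the original issue or the project's tooling: parse `apt-cache policy` output and report packages whose installed version is not offered from a `main` component. The sample output, its version strings, and the function names are constructed for illustration.

```python
import re

# Constructed sample of `apt-cache policy <pkg>...` output (not taken from a real stemcell).
SAMPLE_POLICY = """\
traceroute:
  Installed: 1:2.1.0-2
  Candidate: 1:2.1.0-2
  Version table:
 *** 1:2.1.0-2 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
        100 /var/lib/dpkg/status
openssl:
  Installed: 3.0.2-0ubuntu1.15
  Candidate: 3.0.2-0ubuntu1.15
  Version table:
 *** 3.0.2-0ubuntu1.15 500
        500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
        100 /var/lib/dpkg/status
     3.0.2-0ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
local-tool:
  Installed: 1.0
  Candidate: 1.0
  Version table:
 *** 1.0 100
        100 /var/lib/dpkg/status
"""

PKG = re.compile(r"^(\S+):$")                       # "traceroute:"
VERSION = re.compile(r"^ (\*\*\*|   ) (\S+) -?\d+$")  # "***" marks the installed version
SOURCE = re.compile(r"^\s+-?\d+ \S+ [^/\s]+/(\S+) \S+ Packages$")  # "<suite>/<component>"

def installed_components(policy_text):
    """Map each package to the archive components that offer its installed version."""
    result, pkg, in_installed = {}, None, False
    for line in policy_text.splitlines():
        if m := PKG.match(line):
            pkg, in_installed = m.group(1), False
            result[pkg] = set()
        elif m := VERSION.match(line):
            in_installed = m.group(1) == "***"      # ignore sources of other versions
        elif in_installed and (m := SOURCE.match(line)):
            result[pkg].add(m.group(1))
    return result

def not_in_main(policy_text):
    """Packages with no 'main' source, including ones with no archive source at all."""
    return sorted(p for p, c in installed_components(policy_text).items() if "main" not in c)
```

Packages that appear only in `/var/lib/dpkg/status`, such as the constructed `local-tool`, are reported as well because no archive component supplies updates for them.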