

Official CoreOS Images on Google Compute Engine (2014) - achanda358
https://coreos.com/blog/official-gce-images/

======
atonse
I still have some questions about CoreOS. (Actual questions, not doubts).

When you say that CoreOS auto-updating would patch things like OpenSSL
vulnerabilities without any intervention (as the founder said on The
Changelog), that just doesn't add up to me.

Say, I have CoreOS, and an nginx docker image running (based on an Ubuntu
14.04 image).

If I have an OpenSSL vulnerability and CoreOS says they auto-patched my
server, great. They patched the host. But that doesn't mean the openssl
library in my nginx image is patched, right? So most of the manual patching
(rebuilding the docker image, etc) and responding to these kinds of things is
still an issue, isn't it? I might be missing something here that involves the
union FS, etc.

Would appreciate a clarification on that.

~~~
pquerna
Correct -- the base OS would auto-update, but with how it works today, you
would still need to upgrade your own containers.

I don't believe this problem of updating dependencies in containers will last
forever -- its pretty reasonable that you could mark some dependency as "auto-
updatable" in your own container -- then when there is an OpenSSL issue, the
base container OS is upgraded, and your app restarted.

------
joshuak
I'm a big CoreOS fan and use it almost exclusively now (outside of OS X). I
love to see it show up on HN.

However: May 23, >>2014<<

This is universes old news.

------
tedchs
This post is from last year. I've been using these images on GCE for testing
and they work well. Works particularly nicely for getting a Deis PaaS up and
running quickly.

