XO in-field upgrades
blizzard at redhat.com
Mon Jun 25 16:12:25 EDT 2007
On Mon, 2007-06-25 at 16:08 -0400, C. Scott Ananian wrote:
> On 6/25/07, Christopher Blizzard <blizzard at redhat.com> wrote:
> > On Mon, 2007-06-25 at 15:56 -0400, Noah Kantrowitz wrote:
> > > minimal. Are we expecting to do online updating or will it be more of a
> > > windows-style "shut it all down then patch"?
> > I think that for phase one we can do it during a shutdown/restart cycle.
> Will this be fast enough if we find a big ol' root exploit in our
> system? I recall people arguing before that making boot pretty wasn't
> a priority "because the kids will never reboot". I assume that
> updating during shutdown/restart means we have a big "you must reboot
> now" message which comes up and annoys the user? Will kids ignore
That's largely a policy + design decision. I don't think that anything
that we're talking about here adds enough latency to updates that we'll
be exposing anyone to any risk any more than we are today. (Maybe less
given that people tend to upgrade machines and leave them running linked
to old versions of binaries all the time - a reboot certainly fixes
that!) We could also say that certain updates require an immediate
reboot and some don't. i.e. critical severity vs. minor bug fixes. Not
all fixes are created equal.
> In any case, we need to do some sort of COW system even if we do
> shutdown/restart, because the system will continue running
> indefinitely with the old code until the kids get bored enough to
> reboot (if ever).
Not sure how that's related to CoW? A running binary will keep using an
old library until you shut it down which is where a lot of our risk
comes from. An online update would still work.
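
The point made in this message, that a running binary keeps using an old library until it is shut down, can be checked on a Linux system by looking for executable file mappings marked "(deleted)" in /proc/<pid>/maps. The following is an added example, not part of the original post or of any OLPC code; the sample maps text and the paths in it are constructed.

```python
import os
import re

# One /proc/<pid>/maps line: range, perms, offset, dev, inode, optional path.
MAPS_LINE = re.compile(
    r"^[0-9a-f]+-[0-9a-f]+\s+(?P<perms>\S{4})\s+[0-9a-f]+\s+\S+\s+"
    r"(?P<inode>\d+)\s*(?P<path>.*)$")
DELETED = " (deleted)"

# Constructed sample: a process started before libexample.so.1 was replaced.
SAMPLE_MAPS = """\
00400000-0040c000 r-xp 00000000 08:01 131090 /usr/bin/exampled
7f1c2a000000-7f1c2a1b8000 r-xp 00000000 08:01 262211 /usr/lib/libexample.so.1 (deleted)
7f1c2a1b8000-7f1c2a3b7000 ---p 001b8000 08:01 262211 /usr/lib/libexample.so.1 (deleted)
7f1c2a3b7000-7f1c2a3c0000 rw-p 001b7000 08:01 262211 /usr/lib/libexample.so.1 (deleted)
7f1c2b000000-7f1c2b021000 rw-p 00000000 00:00 0
7f1c2c000000-7f1c2c001000 rwxs 00000000 00:05 1234 /memfd:jit (deleted)
7ffd4e5d2000-7ffd4e5f3000 rw-p 00000000 00:00 0 [stack]
"""

def stale_mappings(maps_text):
    """Return sorted paths of executable mappings whose on-disk file is gone."""
    stale = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line.strip())
        # Skip anonymous memory (inode 0) and non-executable segments.
        if not m or m.group("inode") == "0" or "x" not in m.group("perms"):
            continue
        path = m.group("path")
        if not path.startswith("/") or not path.endswith(DELETED):
            continue
        path = path[:-len(DELETED)]
        # memfd, SysV shm and /dev mappings are not files an update replaces.
        if not path.startswith(("/memfd:", "/SYSV", "/dev/")):
            stale.add(path)
    return sorted(stale)

def scan_proc(proc="/proc"):
    """Map pid -> stale paths for every process whose maps file is readable."""
    report = {}
    for entry in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(os.path.join(proc, entry, "maps")) as fh:
                stale = stale_mappings(fh.read())
        except OSError:  # process exited, or not ours to inspect
            continue
        if stale:
            report[int(entry)] = stale
    return report
```

Processes reported by `scan_proc()` are the ones still running pre-update code; restarting them, or rebooting, clears the stale mappings.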