search

rocker-org / rocker-versioned2

Run current & prior versions of R using docker. rocker/r-ver, rocker/rstudio, rocker/shiny, rocker/tidyverse, and so on.
https://rocker-project.org
GNU General Public License v2.0
409 stars 173 forks source link

Incorporation of Ubuntu LTS security patches - policy and timing #779

Closed gregfrog closed 6 months ago

gregfrog commented 6 months ago

I've been looking at the timing of Ubuntu LTS security patches being published, those patches getting into Ubuntu docker images and their incorporation here.

What is the lead time in getting an Ubuntu LTS image with a security patch applied into the code here? Is there a policy relating to that or is it a side-effect on other activities? Some of the images based on actively maintained Ubuntu versions seem to be fairly old (r-ver 4.1 for example based on Focal seems not to have been rebuilt in a year but focal seems to have been patched since it was built), some are recent.

Is there a policy describing which images are actively maintained and likely to pick up security patches and which are not? I can't see one on the website or the wiki.

eitsupi commented 6 months ago

See #614

eitsupi commented 6 months ago

The next update will isolate and display tags that are no longer used on the wiki home. (#780)