Chef Ideas

We believe that the best way to build software is to do it in close collaboration with the people who use it. We invite you to submit your ideas using the form below. Please be sure to include the problem you are solving and the benefits of implementing the idea.

We do our best to implement as many Ideas as we can. Our Product team will evaluate all submitted ideas in a timely manner and will disposition each into one of the following categories: will integrate into the product roadmap, further research is needed, unlikely to implement.

Thanks for collaborating with us!

Automate/Chef Infra Server: Customers would like OpenJDK to be ad-hoc upgradable and safe

Being able to independently upgrade OpenJDK would allow customers to meet their security needs as the CVEs appear. The current situation is that they must wait for a release of Automate or Chef Infra Server. This is less than ideal, as it requires waivers that are tedious to create and sometimes impossible to get. Well-formed waivers generally have an expiration date.

Companies also often have a drop-dead date, beyond which the system must be shut down when found out of compliance.

Wherever OpenJDK is installed in Chef kit, it should have these properties:

* Independently upgradeable. No package builds or installations needed, unless they are packageable and installable on-site at the customer site

* Rollback function to the original version that shipped with the present Chef Software, Inc version of whatever software to allow quick repairs if something goes wrong

* Documentation for installs/rollbacks with examples

  • Guest
  • Sep 3 2020
  • Out of Scope
  • Guest commented
    29 Sep, 2020 08:07pm

    If we cannot update the versions independently, Chef should upgrade the software servers on a regular basis to ensure Java is compliant with all security patches.

  • Joshua O'Brien commented
    4 Sep, 2020 05:10pm

    Every release of Chef Infra Server must run through a pipeline of tests to verify that the project functions correctly, not just on its own but also with a given set of dependencies. We package the distributions of our software with the dependencies that we test against, so users can have confidence in its function.

    Any changes to those dependencies outside of our release process cannot be supported or deemed "safe" because we would not have tested that matrix. While theoretically you could replace the OpenJRE on disk and restart the requisite services, you would have an untested and unsupported install of Chef Infra Server, which would not be covered by Chef Software's SLA.

    We cannot specifically add a feature that puts the product in an unsupported state.