tracker: Fedora 39 Release communications #1503

Open
dustymabe opened this issue May 31, 2023 · 4 comments

@dustymabe
Member

Here we will try to keep track of important things to mention when switching to the next major version of Fedora and lean on this information when writing up a rebase communication around FN beta time and FN major release time.

@dustymabe dustymabe added the F39 label May 31, 2023
@dustymabe dustymabe changed the title tracker: Fedora 39 communications tracker: Fedora 39 Release communications May 31, 2023
@dustymabe
Member Author

In the release communication for F39 we should mention the work done as part of #1502 for the F39 cycle changes:

  • Register EC2 Cloud Images with IMDSv2-only AMI flag
    • In November 2019, AWS launched IMDSv2 (Instance Meta-Data Store version 2 - see https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/ ) which provides "belt and suspenders" protections for four types of vulnerabilities that could be used to try to access the Instance Meta-Data Store available to EC2 instances. In that announcement, AWS recommended adopting IMDSv2 and restricting access to IMDSv2 only for added security. This can be done at instance launch time, or (more recently in October 2022) by providing a flag when registering an AMI to indicate that the AMI should by default launch with IMDSv1 disabled, and thus require IMDSv2.
    • Tracking bug: #2185248
  • EC2 AMIs default to the gp3 EBS volume type
    • In Amazon EC2, Elastic Block Store (EBS) volumes can be one of several types. These can be specified at volume creation time, including for the default volumes that are created on instance launch. An AMI will have default volumes and volume types configured. Fedora currently defaults to the gp2 volume type. This proposal is to switch to gp3 as the default volume type for Fedora. The gp3 volume type is both more flexible than gp2, and can be up to 20% cheaper per GB.
    • Tracking bug: #2185249
  • Register EC2 Cloud Images with uefi-preferred AMI flag
    • A new feature of EC2 is to be able to register AMIs with a boot mode of uefi-preferred rather than picking one of bios or uefi. In EC2, aarch64 has always been UEFI, while x86-64 started out as BIOS only and some instance types have recently begun to support booting in UEFI mode. Previously, an AMI had to pick if it was UEFI or BIOS. With uefi-preferred it allows an AMI to launch with whatever firmware stack is available for the instance type, preferring UEFI when UEFI is an option.
    • Tracking bug: #2185883

@bgilbert
Contributor

Well, the important things to note are:

  • IMDSv2: User applications that fetch metadata from the IMDS and only support IMDSv1 will not work with newly-created instances unless a) they're updated to use IMDSv2 or b) the instance is launched with a non-default option to re-enable v1.
  • gp3: Default disk I/O performance of newly-created instances might decrease in some scenarios. This should only be relevant to carefully-tuned, I/O-sensitive environments.
  • UEFI: Newly created instances might switch from BIOS to UEFI booting on some instance types. We're not currently aware of any use cases that will be affected by this.
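
To illustrate the IMDSv2 compatibility note above, here is an added example (not part of the original thread or of the project's code): a v1-style and a v2-style metadata fetch run against a local stand-in server that, like an instance launched from an IMDSv2-only AMI, rejects requests that carry no session token. The stand-in server, the function names, the token and the instance ID are constructed for illustration; the token path and header names are those of the EC2 IMDSv2 API.

```python
import http.server
import threading
import urllib.error
import urllib.request

TOKEN_HDR = "X-aws-ec2-metadata-token"
TTL_HDR = "X-aws-ec2-metadata-token-ttl-seconds"
FAKE_TOKEN, FAKE_ID = "constructed-session-token", "i-constructed0001"  # constructed values
_open = urllib.request.build_opener(urllib.request.ProxyHandler({})).open  # no proxy

class V2OnlyIMDS(http.server.BaseHTTPRequestHandler):
    """Local stand-in (assumption) for an IMDS endpoint with IMDSv1 disabled."""
    def _reply(self, code, body=b""):
        self.send_response(code)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_PUT(self):  # session-token request
        ok = self.path == "/latest/api/token" and self.headers.get(TTL_HDR)
        self._reply(200 if ok else 400, FAKE_TOKEN.encode() if ok else b"")
    def do_GET(self):  # metadata request: 401 unless the token is presented
        ok = self.headers.get(TOKEN_HDR) == FAKE_TOKEN
        self._reply(200 if ok else 401, FAKE_ID.encode() if ok else b"")
    def log_message(self, *args):  # silence per-request logging
        pass

def fetch_v1(base, path):
    """IMDSv1 style: a bare GET with no session token."""
    return _open(base + path, timeout=2).read().decode()

def fetch_v2(base, path, ttl=21600):
    """IMDSv2 style: PUT for a session token, then GET with the token header."""
    req = urllib.request.Request(base + "/latest/api/token", method="PUT",
                                 headers={TTL_HDR: str(ttl)})
    token = _open(req, timeout=2).read().decode()
    req = urllib.request.Request(base + path, headers={TOKEN_HDR: token})
    return _open(req, timeout=2).read().decode()

def demo(path="/latest/meta-data/instance-id"):
    srv = http.server.HTTPServer(("127.0.0.1", 0), V2OnlyIMDS)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    base = f"http://127.0.0.1:{srv.server_port}"
    try:
        v1 = fetch_v1(base, path)
    except urllib.error.HTTPError as err:
        v1 = err.code  # 401: what a v1-only application sees
    v2 = fetch_v2(base, path)
    srv.shutdown()
    return v1, v2
```

On a real instance the base URL is `http://169.254.169.254`; an application whose fetch path looks like `fetch_v1` is the kind that needs updating before it runs on the new images.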

@dustymabe
Member Author

We'll need to communicate to users the modular repos change: #1513

@dustymabe
Member Author

We'll need to mention the moby-engine update and maybe need to mention some potential regressions: #1476 (comment)
