by charisma123 3856 days ago
In a trusted environment, I have found managing software updates and verifying that the updates are safe to be challenging. I would be curious to know how regular Linux kernel OS updates and runtime updates are managed by CoreOS. Will there be someone verifying if the OS and runtime updates are safe and not compromising?

This is definitely a step in the right direction in the adoption of trusted computing.

1 comments

This is a split responsibility between the OS vendor and the customer, just as with a trusted environment that's not backed by crypto/TPM.

The normal benefits of frequently releasing code are at play here, just at the OS/kernel level instead of a webapp. Testing can be completed against the different channels of CoreOS in staging environments as well. It's recommended to run some beta machines mixed into a fleet of stable machines to catch any issues specific to your environment.

A unique feature of CoreOS is that it ships an upstream kernel that doesn't have tons of backports and bugfixes. This means the upstream testing/performance infrastructure is leveraged for more visibility into the release.

(CoreOS employee)