As far as I know, if a malicious user compromised the CoreOS update central and pushed a new rolling update, then everyone who uses CoreOS and (presumably automatically) received the rolling update will also be hacked, the end.
This is an even bigger evil. It's no different from a botnet. I don't know if CoreOS has some kind of update signing/verification or what, but based on my assertion I wouldn't suggest using it.