Announcing and

Neal McBurnett neal at
Tue Nov 13 20:52:31 GMT 2007

My take on all of this is to use this as an opportunity to demonstrate
that Ubuntu can be used well in an enterprise setting, and to use it
to learn what needs to be fixed, and as an opportunity to document the
appropriate administrative practices that maximize security and
usability.  Read on....

On Tue, Nov 13, 2007 at 06:13:13PM +0000, Matthew East wrote:
> As for the last point, I wonder whether there is any possibility of
> establishing a process by which community members (such as the
> ubuntuwire team) can take part in Ubuntu system administration tasks
> after going through a certain amount of quality assurance in the same
> way that they can obtain commit access to the Ubuntu repository. I
> have no idea to what extent that would be doable but it strikes me as
> an interesting idea, at least in the long term.

Makes sense to me.

> > It makes more sense for the existing machine to be opened up to the full
> > developer set; as was decided by the Technical Board some time ago.
> That would certainly address what seems to be the biggest issue.
> But the ubuntuwire community seems to be providing other services too:
>  * shell access for developers
>  * mailing lists
>  * qa
>  * a search engine
>  * revu
> The same balancing exercise should probably carried out for them too.

I agree that the right approach is to find a balance.  Rather than
giving access to any ssh key on the given teams, it could be given to
only those that specifically show interest, or that demonstrate good
shell hygene, or that have hardware 

This amounts to figuring out what the major risks and vulnerabilities
are, and what the best practices are for mitigating them.

Beyond dealing with these sorts of vanilla open-source development
infrastructures, let me add a whole different use-case for this sort
of infrastructure: enterprise testing.

I would add whole new categories of enterprise-level infrastructure to
the mix.  The sort of infrastructure that our enterprise customers
expect to use: directory and single-sign-on capabilities, VPNs, CIFS
shares, etc.)

At first these extra categories could just be testbeds (like the
"TestUbE" proposal I sent the server team last June - Test UBuntu
Enterprise).  If we find real development use-cases for them, and feel
good about their security we can use them in other ways.  I'd suggest
that such a testbed also include Microsoft AD servers (properly hidden
behind VPNs for use by the QA team) and eDirectory if warranted.

Otherwise, if we don't "eat our own dogfood", we will have a hard time
meeting the needs of even small businesses that also deploy windows,
to say nothing of enterprises.


Neal McBurnett       

More information about the ubuntu-devel mailing list