Canonical Public Cloud (CPC) team being more involved in release decisions on suite release day
Steve Langasek
steve.langasek at ubuntu.com
Mon Apr 10 05:54:32 UTC 2023
On Thu, Apr 06, 2023 at 12:31:18PM +0100, Phil Roche wrote:
> Hi all,
> Bumping this for visibility again.
> Are there any objections to formally considering Ubuntu cloud images for
> no/no go decisions on release day?
> It is very unlikely even to be an issue, but should we be unfortunate
> enough to have another kernel CVE land on
> release day, then at least we have it agreed that the cloud image use cases
> should be considered when deciding
> to release or not.
I welcome the idea that the cloud images would be always released in
lockstep with the desktop and server images.
The decision not to release the cloud images the day scheduled for release
was one taken by the CPC team. That's also fine IMHO, but if the goal is to
ensure they all release at the same time, and that means delaying all the
images, that has a significant impact across the organization. You say that
it's unlikely to be an issue again, but what process improvements could we
be putting in place to guard against a repeat, and ensure that all the
images are actually ready to be released on the scheduled day?
You mention a kernel CVE; I don't remember the details, but it evidently
wasn't considered a reason to hold back and respin all of the installer
images. Why was it necessary to hold the cloud images back? For cloud
images in particular, the next image is not far away.
> On Thu, 23 Mar 2023 at 14:50, Phil Roche <phil.roche at canonical.com> wrote:
>
> > Hi all,
> >
> > I work on the Canonical Public Cloud (CPC) team responsible for the build
> > and publication of all the Ubuntu cloud images
> > <http://cloud-images.ubuntu.com/> and all their supported derivatives in
> > the major public and private clouds.
> >
> > As 23.04 release day fast approaches, I would like to start a new thread
> > on CPC's involvement in release day decisions.
> >
> > Reflecting on the last Ubuntu 22.10 release, from a cloud image
> > perspective, it did not go very well and we were a few days behind the main
> > desktop/server release, finally releasing on October 22nd instead of
> > October 20th. This was due to the decision by CPC to wait for the high
> > priority CVE https://ubuntu.com/security/CVE-2022-2602 changes to land in
> > the Kinetic kernel.
> >
> > The use cases for cloud images are not the same as for server and desktop
> > and releasing with a vulnerable kernel did not make sense even if we knew
> > an updated kernel that people could upgrade to was forthcoming.
> >
> > The current release process is centered on ISOs with cloud images being
> > downstream but I feel that given Ubuntu cloud images’ usage a situation
> > like the above with CVE-2022-2602 should have warranted a no-go decision.
> >
> > What are the release teams' thoughts on CPC team being more involved in
> > the no/go decision process on release day? I recognise that release team
> > member Utkarsh Gupta is an engineer on the CPC team but his involvement in
> > the release team is not with cloud images specifically.
> >
> > Thank you for all that you do,
> >
> > Phil
> >
> >
> > --
> > Phil Roche
> > Staff Software Engineer
> > Canonical Public Cloud
> >
>
>
> --
> Phil Roche
> Staff Software Engineer
> Canonical Public Cloud
> --
> Ubuntu-release mailing list
> Ubuntu-release at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-release
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer https://www.debian.org/
slangasek at ubuntu.com vorlon at debian.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-release/attachments/20230409/52cc4516/attachment.sig>
More information about the Ubuntu-release
mailing list