Canonical Public Cloud (CPC) team being more involved in release decisions on suite release day

[Phil Roche]

Hi all,

I work on the Canonical Public Cloud (CPC) team responsible for the build
and publication of all the Ubuntu cloud images
<http://cloud-images.ubuntu.com/> and all their supported derivatives in
the major public and private clouds.

As 23.04 release day fast approaches, I would like to start a new thread on
CPC's involvement in release day decisions.

Reflecting on the last Ubuntu 22.10 release, from a cloud image
perspective, it did not go very well and we were a few days behind the main
desktop/server release, finally releasing on October 22nd instead of
October 20th. This was due to the decision by CPC to wait for the high
priority CVE https://ubuntu.com/security/CVE-2022-2602 changes to land in
the Kinetic kernel.

The use cases for cloud images are not the same as for server and desktop
and releasing with a vulnerable kernel did not make sense even if we knew
an updated kernel that people could upgrade to was forthcoming.

The current release process is centered on ISOs with cloud images being
downstream but I feel that given Ubuntu cloud images’ usage a situation
like the above with CVE-2022-2602 should have warranted a no-go decision.

What are the release teams' thoughts on CPC team being more involved in the
no/go decision process on release day? I recognise that release team member
Utkarsh Gupta is an engineer on the CPC team but his involvement in the
release team is not with cloud images specifically.

Thank you for all that you do,

Phil


-- 
Phil Roche
Staff Software Engineer
Canonical Public Cloud
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-release/attachments/20230323/31016b3d/attachment.html>