[Gruppo-web] Disappointed by Canonical SysAdmin Team behaviour

Michael Hall mhall119 at ubuntu.com
Thu 30 Oct 2014 17:12:08 GMT

It isn't just your website that is down, a number of other sites (both
Canonical and Community ones) hosted on our servers are down while IS
does a thorough security review and makes changes on account of the
latest Drupal issue.

They are actively working on this (last activity on their internal RT
was 40 minutes ago) and will get your website back up as soon as
possible. I apologize for the inconvenience, but IS are responsible for
securing all of Canonical's systems, and they take that responsibility
very seriously. Your website (and all the others) will be back up as
soon as they safely can be.

If you have any other questions or concerns, please feel free to email
me directly (or ping me on IRC) and I will be happy to help you.

Michael Hall
mhall119 at ubuntu.com

On 10/30/2014 10:29 AM, Andrea Colangelo wrote:
> Dear all,
> we regret to write this email, but we can no longer tolerate problems
> like the ones we're describing below.
> Today, we noticed the Italian Community web page [0] is not reachable, and a
> 403 Forbidden error is displayed instead. This was not triggered by any
> change made by our Website Team, so we investigated the problem with the
> Canonical Sysadmins.
> Riccardo Padovani, the spokesperson of the Italian Website Team, reached
> the Canonical Sysadmins, here's an excerpt of the chat they had via IRC:
> <rpadovani> moon127, we have a forbidden advice on every page of
> http://www.ubuntu-it.org. No changes on our side in last hours, could
> you take a look please?
> <moon127> rpadovani, we detected an update from Drupal 7.31 to 7.32
> recently which did not seem to have been initiated by our guys and taken
> down as a precaution due to https://www.drupal.org/PSA-2014-003 - we
> have people investigating currently.
> <rpadovani> moon127, indeed, the update is not from your guys because
> drupal is managed by us on lp and then sync on server by cron
> <rpadovani> Here my commit for Drupal 7.32
> <rpadovani>
> https://bazaar.launchpad.net/~ubuntu-it-www/ubuntu-it-www/www-repo/revision/191
> The Drupal update was prepared by Riccardo a few hours after the Drupal
> Security Bulletin [1] was issued, so the website was no longer
> vulnerable due to the prompt reaction of Riccardo and the Italian
> Website Team.
> Nobody stepped in and warned us that the SysAdmin Team was going to turn
> off the website for "precaution purposes". Neither any members of the
> Website Team nor any members of the Italian LoCo Team got a notice.
> Also, nobody checked whether the site was actually affected by the
> vulnerability described in [1], it has been taken down without any
> check. Considering how many daily visits our website gets, this looks
> like an irresponsible course of action. We consider this approach not
> acceptable at all, especially for a service so important for our
> Community.
> This is just the latest issue we had while interacting with the
> Canonical SysAdmin Team (evidence of this can be found in the tickets we
> filed on [2]), and we are fed up with this. We are grateful for the help we
> get from Canonical in hosting our websites and many other services,
> nevertheless we feel the need for better communication among us.
> Also, our website is still down as we are sending this email. We kindly
> ask you to provide us with your support to solve these problems as soon
> as possible.
> [0] http://www.ubuntu-it.org/
> [1] https://www.drupal.org/SA-CORE-2014-005
> [2] https://rt.ubuntu.com
> Thank you for your co-operation,
> Andrea Colangelo
> on behalf of the Italian LoCo Team

More information about the Gruppo-web mailing list