[Gruppo-web] [loco-council] Disappointed by Canonical SysAdmin Team behaviour

Riccardo Padovani riccardo a rpadovani.com
Ven 31 Ott 2014 11:48:14 GMT

On Thu, Oct 30, 2014 at 03:35:17PM -0400, cprofitt wrote:
> Thanks for raising this issue.

Hi all,
I'm currently admin of the Italian Web Group, but only since Sep 2013, and
original contributors are not in the LoCo anymore, so I reply for how the
situation is now;
I read old mails/rt but there is nothing interesting to our case.

> I have never managed a Canonical supported website before so I would
> like to ask for some background.
>       * Is there an SLA that Canonical has made to community web pages
>         they host?

There is this wiki page: https://wiki.ubuntu.com/LoCoHosting, but our team is
not listed there, so there is nothing about our LoCo.
Reading old mails, seems the first time switched to Canonical server is in Jan
2007[1], but I don't find any rt on rt.ubuntu.com about the migration

>       * Is there any agreement in regards to notification when problems
>         arise?


>       * Was it documented that the IT team has control of the drupal
>         environment via LP? If so how did the IS team miss that they had
>         made that change?

There is no english public documentation about how drupal is managed by us, but
it's the first time that IS team says something about a critical bug in Drupal,
so somehow they know we manage drupal by our own, because it's years we do
updates and IS team says nothing

>       * How is the risk evaluated? Is there a guide that those affected
>         can be made aware of to help them understand?

Nothing public as far my team and I know

>       * Is there any site or communication that lets team know when
>         service will be restored?

Nothing public as far my team and I know

> I can see with this particular vulnerability why action was taken, but I
> think it is reasonable that the IS team communicate with the people
> listed as contacts on the affected sites. Good incident response /
> security teams have a designated person (often non-technical) that is
> responsible for communications during incidents; does Canonical IS have
> such a person?

No. Plus, if we didn't ask explanation to IS team, there would still be a white
page with 'Forbidden' message on all ubuntu.it pages, because no message was
set from IS team when they chose to block our website.
At the moment there is a page we created so users are informed that is not a
random error.


Riccardo Padovani
-------------- parte successiva --------------
Un allegato non testuale  stato rimosso....
Nome:        non disponibile
Tipo:        application/pgp-signature
Dimensione:  819 bytes
Descrizione: Digital signature
URL:         <http://liste.ubuntu-it.org/pipermail/gruppo-web/attachments/20141031/d1d7e087/attachment.pgp>

Maggiori informazioni sulla lista Gruppo-web