A vote was taken at today's tech board meeting, ratifying an exception for walinuxagent to do out-of-archive updates:

http://ubottu.com/meetingology/logs/ubuntu-meeting-2/2017/ubuntu-meeting-2.2017-03-14-17.01.html

This is of course still open for feedback from members of the TB who were not in attendance at today's meeting.

Thanks,
--
Steve Langasek          Give me a lever long enough and a Free OS
Debian Developer        to set it on, and I can move the world.
Ubuntu Developer        http://www.debian.org/
[email protected]       [email protected]

On Tue, Mar 14, 2017 at 10:01:02AM -0700, Steve Langasek wrote:
> Dear Technical Board,
>
> I wish to make you aware of a technical decision taken by the Ubuntu
> Foundations team concerning a package in the archive. I believe the
> decision is technically sound and will stand up to scrutiny, but due to the
> sensitivity and possible precedent-setting involved, I want us to be
> completely transparent with the community about what is being done and why.
>
> The walinuxagent package in Ubuntu is an agent for the Microsoft Azure
> cloud, communicating with the cloud substrate and allowing management of
> various aspects of the guest through the cloud's dashboard / management
> interface.
>
> The Microsoft Azure team has requested that the package in Ubuntu enable a
> feature, currently disabled via config setting, that allows the agent to
> pull down code from a trusted cloud-local endpoint and deploy it on the
> running system. This is desirable for two reasons:
>
> - it ensures that the agent on the guest remains up-to-date and compatible
>   with the cloud substrate, even on long-running instances whose
>   administrators are not applying package updates on a regular basis
> - it enables various optional modules which are part of the Azure platform
>   but are not distributed with the walinuxagent package, they are only
>   available from the walinuxagent endpoint.
>
> Obviously we have good reason for a policy that third-party repositories and
> code update mechanisms are not allowed for Ubuntu at large. In this case, I
> believe it's acceptable because:
>
> - in a cloud, this is not the first place in which arbitrary code can be
>   fed into the instance from outside; cloud-init also does the same thing
>   in a more general form
> - this is a cloud-local endpoint; we know from the architecture of Azure
>   that this endpoint is controlled by the same party as the virtualization
>   environment itself (i.e. Microsoft), so there is no concern that trusting
>   this endpoint expands the set of targets for an attacker
> - the walinuxagent uses several methods to detect that it's running on the
>   correct cloud substrate (specially-formed DHCP responses;
>   locally-attached storage) which ensure that accidentally installing and
>   attempting to run this agent on a non-Azure Ubuntu machine will be a
>   no-op.
>
> If you have any questions about this implementation, please ask.
>
> Thanks,
> --
> Steve Langasek          Give me a lever long enough and a Free OS
> Debian Developer        to set it on, and I can move the world.
> Ubuntu Developer        http://www.debian.org/
> [email protected]       [email protected]
-- technical-board mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/technical-board
