IMPORTANT - Changes and accountability

Kensie · May 20, 2014, 12:36am

I’m going to call out some basic policy rules and then we’ll expand on these, but to start:

Nothing happens without review from a 2nd set of eyes. NOTHING.
NO UPDATES even during scheduled windows without notice
- Updates are to be announced in the meeting prior

Update info, including the changes the update will cause, and the plan for implementing, the update should written up and shared no later than the meeting during the update announcement

If something goes wrong during the update, see #1

tad · May 20, 2014, 6:27am

So, I have one concern about this for plesk:
Their security response time is slow. We shouldn’t be adding up to 7 days just to tell people about the updates. In fact, that would be a bad idea. Plesk is a good target.

Generally these updates are just/mainly security patches. They’ve never broken anything. I could announce major updates, like we went from 11=>12 on OVH recently, just not minor patches. The major update is the only time something went wrong, when we moved from 10 to 11, plesk tried enabling billing. Didn’t cause any user noticeable issues, just annoying when using the panel, we fixed that pretty quickly though.

mrz · May 20, 2014, 2:12pm

@kensie is describing normal maintenance.

There’s always a process for handling emergency maintenance of which security fixes are a part of.

Kensie · May 28, 2014, 7:45pm

Started a pad for figuring out policies around maintenance - https://communityit.etherpad.mozilla.org/Maintenance-Policy