Canonical is worried that the implementation disables even the most basic of security features and Canonical fears that when something bad happens, the great unwashed will not blame the cloud provider but will instead blame Ubuntu.
Writing in the company bog, Canonical said that it has spent months trying to get the unnamed provider to use the standard Ubuntu as delivered to other commercial operations to no avail. It said that Red Hat and Microsoft wouldn’t be treated like this.
Mark Shuttleworth, the founder of Ubuntu, wrote that Ubuntu is “the leading cloud OS, running most workloads in public clouds today,” whereas these homegrown images “are likely to behave unpredictably on update in weirdly creative and mysterious ways. We hear about these problems all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that ‘all things that claim to be Ubuntu are genuine’, and they have a right to expect that.
“To count some of the ways we have seen home-grown images create operational and security nightmares for users: clouds have baked private keys into their public images, so that any user could SSH into any machine; clouds have made changes that then blocked security updates for over a week… When things like this happen, users are left feeling let down. As the company behind Ubuntu, it falls to Canonical to take action.”