gpg: Signature made Wed Oct 23 20:11:30 2019 UTC
gpg: using DSA key 2099B64CBF15490B
gpg: Good signature from "Andy Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andrew James Smith <andy@strugglers.net>" [unknown]
gpg: aka "Andy Smith (UKUUG) <andy.smith@ukuug.org>" [unknown]
gpg: aka "Andy Smith (BitFolk Ltd.) <andy@bitfolk.com>" [unknown]
gpg: aka "Andy Smith (Linux User Groups UK) <andy@lug.org.uk>" [unknown]
gpg: aka "Andy Smith (Cernio Technology Cooperative) <andy.smith@cernio.com>" [unknown]
Hello,
Individual notification emails regarding the below maintenance
windows have now been sent out. If yours hasn't arrived, please
check spam folders etc.
Do note that the times are all in UTC. If you're in UK you are
currently at UTC+1, but British Summer Time ends on Sunday 27
October, so you will be back on UTC by the time of the work.
Cheers,
Andy
On Fri, Oct 18, 2019 at 04:51:53PM +0000, Andy Smith wrote:
> Hi,
>
> Some security issues have been found in the hypervisor software we
> use, which we have to fix as they can theoretically allow privilege
> escalation.
>
> They are under embargo until Thursday 31 October, so we will most
> likely do the work in the early hours of the morning (UK time) on
> 29, 30, and 31 October.
>
> As usual this will entail a clean shutdown of your guest and then a
> boot again 20–30 minutes later after the patching is done. Some time
> next week an email will go out telling you of the two hour window in
> which this work will take place for each of your VMs.
>
> If the assigned window is unacceptable to you, we can most likely
> move your VM to an already-patched host at a time of your choosing
> before 31 October. When the direct email comes to let you know of
> your maintenance window, if it's not acceptable then you can reply
> to it to open a support ticket and we will work it out.
>
> As usual, if you have opted in to suspend/restore then your guest
> will be suspended to disk and restored again instead of shutdown and
> booted. More info on that:
>
> https://tools.bitfolk.com/wiki/Suspend_and_restore
>
> For our own maintenance work we like to give more than 2 weeks of
> notice. Unfortunate when dealing with security issues there is an
> agreed embargo process and notice periods are much shorter. It is
> preferable that there is ~2 weeks of notice rather than a "0-day"
> exploit being unleashed.
>
> Thanks,
> Andy
>
> --
> https://bitfolk.com/ -- No-nonsense VPS hosting
--
https://bitfolk.com/ -- No-nonsense VPS hosting
_______________________________________________
announce mailing list
announce@???
https://lists.bitfolk.com/mailman/listinfo/announce
