Ubuntu Linux producer Canonical plans to sue a European cloud provider for “publishing insecure, broken images of Ubuntu despite many months of coaxing to do it properly.”

The company says that its cloud OS relies on trust and that such actions undermine the success of the certified Ubuntu images that are guaranteed to run on specific cloud platforms such as AWS, Azure or Google.

– Canonical

Wants to boot slow booting images

“The home-grown images on the cloud, VPS and bare metal services of this provider disable fundamental security mechanisms and modify the system in ways that are unsupportable,” Ubuntu founder and Canonical exec chairman Mark Shuttleworth said in a blog post.

“They are likely to behave unpredictably on update in weirdly creative and mysterious ways (the Internet is full of fun examples). We hear about these issues all the time, because users assume there is a problem with Ubuntu on that cloud; users expect that ‘all things that claim to be Ubuntu are genuine’, and they have a right to expect that.”

Shuttleworth then described some of the problems he has seen with third-party Ubuntu images: “Clouds have baked private keys into their public images, so that any user could SSH into any machine; clouds have made changes that then blocked security updates for over a week; clouds have confused users with image- or kernel-soup, and users have been pushed into building their own images; VMs have had changes that resulted in very slow boot or poor performance; unstable kernels that disable features Ubuntu packages expect to be there; and many more.

“When things like this happen, users are left feeling let down. As the company behind Ubuntu, it falls to Canonical to take action.”

Shuttleworth said that the company had “spent many months of back and forth in which we unsuccessfully tried to establish the same operational framework on this cloud that already exists on tens of clouds around the world. We have on multiple occasions been promised it will be rectified to no avail.”

Canonical did not name the cloud provider in question, but said that “we are now ready to take legal steps to remove these images.”