Re: concerns about Salsa
- Date: Tue, 05 Jun 2018 13:21:25 +0200
- From: Philipp Kern <pkern@xxxxxxxxxx>
- Subject: Re: concerns about Salsa
On 2018-06-05 00:12, Wookey wrote:
On 2018-06-04 21:52 +0000, Clint Adams wrote:
On Mon, Jun 04, 2018 at 12:54:32PM +0100, Ian Jackson wrote:
> Salsa is hardly the first Debian production service to not be running
> the packaged version of its primary application, and it won't be the
> last. ftp.debian.org isn't running the packaged version of dak.
No, this has been happening forever, and this failure to dogfood has
also been a disservice to our users forever.
Buildds don't run the packaged version either, and this contributes to
it being much harder than it should be to set up local buildd
infrastructure. There are good reasons for this from the admin's POV,
but the side-effects are signifcant and I'd like us to try harder to
use packaged stuff.
But I've not done the necessary work myself, so can't really
complain. I just observe that it is a real issue for people setting up
their own CI infra. One day I may have the tuits to improve things in
this area (I plan to start retiring soon, which might help, or may
simply introduce different distractions :-)
I have been reimplementing buildd recently and we had this discussion
again. As it turns out it's much desired by DSA not to do that, for a
bunch of reasons, like the tripwires they set. So it seems that the
preferred approach is now to use lingering and let users run their
systemd services as their user. So I scrapped the original packaging
plan and you end up with a systemd tree that is maintained either by an
outside tool or from a git tree.
I still hold that as soon as you are running a production service of
some kind you are likely better off not using packages from Debian. You
need to respond to outages and patch things and actually be able to do
code changes recently quickly in the limited time volunteers have. And
using packages not from Debian proper is frowned upon on Debian
infrastructure. And to some degree I guess rightly so - as long as we
have no trusted infrastructure producing the moral equivalent to PPAs.
Now I don't say that it isn't valuable to have packages in case someone
runs something in the background. Just like there should be a solid
solution for repository management, there should be one for building.
But the infrastructure needs of Debian itself are different.