Re: concerns about Salsa
- Date: Thu, 07 Jun 2018 18:14:00 +0200
- From: Tollef Fog Heen <tfheen@xxxxxx>
- Subject: Re: concerns about Salsa
]] Russell Stuart
> On Tue, 2018-06-05 at 15:44 +0100, Ian Jackson wrote:
> > Packages are great for software which you can just install and use
> > without much fuss. That is often true for mature software. But for
> > services which are less mature, and more complex, and which have more
> > tentacles, the admin is likely to need to change things. This makes
> > using packages awkward.
> I think it's better to express the trade off in terms of consequences.
> - Using software packaged by a distro requires very little effort,
> which makes packaged software the ultimate sysadmin force
> multiplier. I know sysadmin's who exploit it to the extent they
> maintain literally 1000's of working boxes.
> - Taking a package straight from the developer gives you flexibility
> using software packaged simply can't provide or worse you can't use
> it at all because it's not packaged. The downside is you become a
> nurse maid for the box it's installed on. Nurse maid's are literally
> orders of magnitude less productive than one sysadmin maintaining an
> automated assembly line, so the end product had better be orders of
> magnitude more useful than the packaged version.
Packages does not imply automation (lots of people maintain machines by
logging into each one and running apt by hand and $EDITOR on their
configuration files; I suspect this applies to the majority of desktops
and laptops by people on this list), and git repositories do not imply
not-automation. Those are simply transport mechanisms for bits and the
level of automation you use is not decided by git-vs-packages.
For debian.org hosts, the choice is primarily a matter of privilege
separation: Service owners generally don't have root on the hosts, and
so if they are to be able to update the service configuration, the
service must run as a user they have access to or we need to build
control planes with access controls which allow service owners to
control their service. DSA has root on the hosts and maintain those,
but we don't run all our services, so we'd rather not be on the critical
path for updating various services (which we'd need to be if those came
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are