Re: concerns about Salsa
- Date: Sat, 09 Jun 2018 09:24:31 +0200
- From: Tollef Fog Heen <tfheen@xxxxxx>
- Subject: Re: concerns about Salsa
]] Russell Stuart
> On Thu, 2018-06-07 at 18:14 +0200, Tollef Fog Heen wrote:
> > Packages does not imply automation (lots of people maintain machines
> > by logging into each one and running apt by hand and $EDITOR on their
> > configuration files; I suspect this applies to the majority of
> > desktops and laptops by people on this list), and git repositories do
> > not imply not-automation. Those are simply transport mechanisms for
> > bits and the level of automation you use is not decided by git-vs-
> > packages.
> No, distros are not "just transport mechanisms".
We are not disagreeing here; I was talking about packages vs git
checkouts of services, not about distributions.
> I'll drive the point home with yesterdays (literally yesterdays)
> headline: "Three months later, a mass exploit of powerful Web servers
> continues". The headline is referring to the 1000's of unpatched
> Drupal servers out there, unpatched because patching required upgrading
> to the latest version which is too hard. Wordpress sites using the
> Debian package with unattended upgrades installed would likely have
> been patched before news of the exploit made the headlines.
Yes, this happens. I've also come across installations of Debian
several releases out of date where everything came from packages, so
using packages is not a panacea. Systems have to be maintained no
matter where the bits on the system come from.
> I accept that's doesn't leave the Salsa team with much choice, but it
> still leaves me scratching my head. Containers / VPS's / VM have been
> a thing for years now. They solve this separation problem in a way
> that reduces the workload for everyone.
At the risk of extrapolating from a single data point, I think Alioth
showed that using VMs does not fix this automatically. (I'm not picking
on the Alioth maintainers, I used to be one of them. The job of
maintaining your own separate infrastructure has a non-trivial cost.)
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are