1 |
On Sun, Sep 13, 2020 at 11:31 AM Thomas Deutschmann <whissi@g.o> |
2 |
wrote: |
3 |
|
4 |
> Hi, |
5 |
> |
6 |
> TL;DR: jstein asked council [Bug 729062] for a motion that any service |
7 |
> and software which is critical for Gentoo should be developed/run in |
8 |
> Gentoo namespace. Because any request to council must be discussed I |
9 |
> volunteered to bring this topic to the mailing list (sorry for the huge |
10 |
> delay!). |
11 |
> |
12 |
> |
13 |
> Problem |
14 |
> ======= |
15 |
> You maybe all remember what happened to stable-bot: Years ago, |
16 |
> kensington created stable-bot on his own as PoC which revolutionized the |
17 |
> way how we do package stabilization in bugzilla. The service run on his |
18 |
> own infrastructure. Because of the benefit of the service the bot |
19 |
> provided, arch team’s workflow became dependent on stable-bot. We were |
20 |
> lucky that stable-bot just worked most of the time until the service was |
21 |
> down for a while. Nobody was able to help here: Kensigton himself was |
22 |
> unavailable, nobody had the sources… the end of the story: mgorny |
23 |
> created nattka which replaced stable-bot. |
24 |
> |
25 |
> However, we are still facing the same problem: Only one person is |
26 |
> involved in development and knows how to run it. In case something will |
27 |
> break again and Michał will be unavailable, we can’t just push a fix and |
28 |
> watch a CI pipeline picking up and deploying new nattka. Instead someone |
29 |
> will have to fork repository from Michał’s private repository at GitHub, |
30 |
> make the changes and hope that anyone within infrastructure team can |
31 |
> help to deploy fixed nattka. |
32 |
> |
33 |
> This is what the motion is about: This is not about that Gentoo depends |
34 |
> on single persons or things like that. It’s about the idea to |
35 |
> *formalize* the requirement that any service and software which is |
36 |
> critical for Gentoo (think about pkgcore) should live within Gentoo |
37 |
> namespace (https://gitweb.gentoo.org/), i.e. be accessible for *any* |
38 |
> Gentoo developer and deployments should be based on these repositories. |
39 |
> Or in other words: Make sure that we adhere to social contract even for |
40 |
> critical software and services Gentoo depends on. So that we will never |
41 |
> ever face the situation that something we depend on doesn’t work |
42 |
> anymore. Taking care of working pipelines before something is broken |
43 |
> should also help us in case something stops working so we don’t have to |
44 |
> figure out how to fix and re-deploy when house is already burning (like |
45 |
> portage: In case Zac can't do a release for some reason, in theory, |
46 |
> every Gentoo developer would be able to roll a new release). |
47 |
> |
48 |
|
49 |
I think your examples are a bit weird. |
50 |
|
51 |
Is openrc critical to Gentoo? it doesn't live on our infra. |
52 |
Is pkgcore critical to Gentoo? it doesn't live on our infra. |
53 |
|
54 |
Note that these are just packages, not services and the social contract |
55 |
just says |
56 |
"""However, Gentoo will never depend upon a piece of software or metadata |
57 |
unless it conforms to the GNU General Public License, the GNU Lesser |
58 |
General Public License, the Creative Commons - Attribution/Share Alike or |
59 |
some other license approved by the Open Source Initiative.""" |
60 |
|
61 |
It says nothing about where things are hosted or how services are provided. |
62 |
|
63 |
I'd consider splitting the two here. For packages I don't think it matters |
64 |
as much where they are hosted. Most things can be mirrored into gentoo (if |
65 |
we want a copy of the src tree) and we also have tarballs of the source |
66 |
code much of the time on the mirror network. |
67 |
|
68 |
For services, I tend to agree more with your comments; we need need |
69 |
visibility and operational capability for services. When we rely on service |
70 |
components where the source is not available; its bad. But we rely on |
71 |
numerous services now. E.g. p.g.o relies on repology. Does that mean we |
72 |
need the source code to repology? I assume not. Does that mean we need to |
73 |
run our own repology? Also I assume not. |
74 |
|
75 |
-A |
76 |
|
77 |
|
78 |
> |
79 |
> See also: |
80 |
> ========= |
81 |
> Bug 729062: https://bugs.gentoo.org/729062 |
82 |
> |
83 |
> |
84 |
> -- |
85 |
> Regards, |
86 |
> Thomas Deutschmann / Gentoo Linux Developer |
87 |
> C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 |
88 |
> |
89 |
> |