Ok, welcome back to the second session
of the day.
It's going to be Alexander Wirt talking
about salsa.debian.org.
[Applause]
Thank you, good morning.
I usually don't give talks in english,
so please be nice to me.
However, I'm here.
I want to talk today about our journey
for Alioth
which is still running, but not for long
anymore,
to our new service, salsa.
I want to get a little bit into the history
of old things
and what we have already achieved,
what we still need to achieve
and what are our plans for the future.
Let's start with the basic things,
who am I.
I am the guy who rejects the mails
on lists.debian.org,
I am a listmaster.
I am the guy that rejects your backports.
I am the backports ftp master.
And I am the guy that will destroy
alioth.debian.org.
For the last ten years
[Applause]
I was an admin by accident of
alioth.debian.org.
This is another story I will tell you
in a few minutes.
Beside from that, I work as an OpenSource
consultant at credativ,
which is a small company in Germany
which is specialized in OpenSource,
we only do OpenSource consulting
in Germany.
We do what today is called DevOps,
we do every kind of consulting.
If you do something with OpenSource,
we are probably the ones you can talk with.
I am a father of two wonderful girls,
they're not here unfortunately,
but otherwise I wouldn't be able
to work.
And in my little bit spare time, I do
role playing games and Tabletop games.
In theory there should be a picture now.
There's a picture missing,
I don't know why,
which should tell "We need you".
A little bit of advertisement, if you
want to do OpenSource work in Germany,
paid,
and you need a job, please talk to me.
We are always looking for good people,
especially in C development,
kernel development, but also of course
consulting.
So please talk to me.
Some steps in history.
Some years ago, ???
2008, 2009,
I told the alioth channel
"Hey, if you need help, I can help with
system administration,
not the GForge stuff which is running
above,
but if you need help, tell me."
[Audience] Big mistake
Yeah.
One or two years went by,
and step by step
all alioth admins left.
We were alone in the channel.
And around that time, I detected
"Hey, I have sudo permissions
and I'm admin"
Somebody made me an admin.
So, I had to decide that I will be
the person that is the future alioth admin
and I stepped in.
So it was the beginning of our alioth
journey.
Then, in DebConf15, we had a long
'Birds of a Feather'
where we talked about several security
problems in collab-maint,
some of you are maybe not aware of it,
but since we use git at filesystem level
on alioth,
we are introducing a number of interesting
security problems
like if someone writes a hook, that hook
gets executed every time someone pushes.
So you have basically shell access.
And of course you execute it as
your own uid.
So, if some DM (Debian Maintainer) or even
not DM, nearly the whole world
has write access to collab-maint,
drops some hooks in,
it can make you execute code on Alioth
at your uid, which is a problem.
We did some things to solve that problem,
but the main problem remained.
So, along that time, we decided that we
would need a successor for git.debian.org.
At that point, we are talking about gitolite
which we evaluated at that time.
However, as ???
Two years went into the land and
nothing real happened,
we just played with it.
Then, May 2017, a thread comes up,
"Moving away from fusionforge".
What nobody was really aware of, is that
alioth is on a Wheezy machine
and Wheezy is ??? out of security
support end of the month.
So time was running up.
The thread was long as usual on
debian-devel and
we decided to do a few steps, like
evaluating things
and in June 2017, I did a survey about
our new alioth services.
It was clear at that point that I wouldn't
be able to maintain all the things
alioth had in the future
so we decided to just bring over
the important things.
What is important? For everyone,
everything else is important
so I decided to do a survey which was
pretty successful
with a few hundreds submissions.
Then, in…
Then we evaluated… "we" as probably "me",
evaluated a few solutions, named pagure,
which is the git solution Fedora is using,
which is a Python thing based on gitolite,
gitlab, which is the biggest Github
competitor
gogs/gitea, which is some golang-based
small git service.
pagure turned out to be not stable enough
for our needs
and we would have to do to much coding
inside pagure to use it in our infrastructure
because pagure is very strongly ???
with the Fedora infrastructure,
specially its user authentication and
user management stuff.