1
99:59:59,999 --> 99:59:59,999
Ok, welcome back to the second session
of the day.

2
99:59:59,999 --> 99:59:59,999
It's going to be Alexander Wirt talking
about salsa.debian.org.

3
99:59:59,999 --> 99:59:59,999
[Applause]

4
99:59:59,999 --> 99:59:59,999
Thank you, good morning.

5
99:59:59,999 --> 99:59:59,999
I usually don't give talks in english,
so please be nice to me.

6
99:59:59,999 --> 99:59:59,999
However, I'm here.

7
99:59:59,999 --> 99:59:59,999
I want to talk today about our journey
for Alioth

8
99:59:59,999 --> 99:59:59,999
which is still running, but not for long
anymore,

9
99:59:59,999 --> 99:59:59,999
to our new service, salsa.

10
99:59:59,999 --> 99:59:59,999
I want to get a little bit into the history
of old things

11
99:59:59,999 --> 99:59:59,999
and what we have already achieved,
what we still need to achieve

12
99:59:59,999 --> 99:59:59,999
and what are our plans for the future.

13
99:59:59,999 --> 99:59:59,999
Let's start with the basic things,
who am I.

14
99:59:59,999 --> 99:59:59,999
I am the guy who rejects the mails
on lists.debian.org,

15
99:59:59,999 --> 99:59:59,999
I am a listmaster.

16
99:59:59,999 --> 99:59:59,999
I am the guy that rejects your backports.

17
99:59:59,999 --> 99:59:59,999
I am the backports ftp master.

18
99:59:59,999 --> 99:59:59,999
And I am the guy that will destroy
alioth.debian.org.

19
99:59:59,999 --> 99:59:59,999
For the last ten years

20
99:59:59,999 --> 99:59:59,999
[Applause]

21
99:59:59,999 --> 99:59:59,999
I was an admin by accident of
alioth.debian.org.

22
99:59:59,999 --> 99:59:59,999
This is another story I will tell you
in a few minutes.

23
99:59:59,999 --> 99:59:59,999
Beside from that, I work as an OpenSource
consultant at credativ,

24
99:59:59,999 --> 99:59:59,999
which is a small company in Germany
which is specialized in OpenSource,

25
99:59:59,999 --> 99:59:59,999
we only do OpenSource consulting
in Germany.

26
99:59:59,999 --> 99:59:59,999
We do what today is called DevOps,
we do every kind of consulting.

27
99:59:59,999 --> 99:59:59,999
If you do something with OpenSource,
we are probably the ones you can talk with.

28
99:59:59,999 --> 99:59:59,999
I am a father of two wonderful girls,

29
99:59:59,999 --> 99:59:59,999
they're not here unfortunately,

30
99:59:59,999 --> 99:59:59,999
but otherwise I wouldn't be able
to work.

31
99:59:59,999 --> 99:59:59,999
And in my little bit spare time, I do
role playing games and Tabletop games.

32
99:59:59,999 --> 99:59:59,999
In theory there should be a picture now.

33
99:59:59,999 --> 99:59:59,999
There's a picture missing,
I don't know why,

34
99:59:59,999 --> 99:59:59,999
which should tell "We need you".

35
99:59:59,999 --> 99:59:59,999
A little bit of advertisement, if you
want to do OpenSource work in Germany,

36
99:59:59,999 --> 99:59:59,999
paid,

37
99:59:59,999 --> 99:59:59,999
and you need a job, please talk to me.

38
99:59:59,999 --> 99:59:59,999
We are always looking for good people,
especially in C development,

39
99:59:59,999 --> 99:59:59,999
kernel development, but also of course
consulting.

40
99:59:59,999 --> 99:59:59,999
So please talk to me.

41
99:59:59,999 --> 99:59:59,999
Some steps in history.

42
99:59:59,999 --> 99:59:59,999
Some years ago, ???
2008, 2009,

43
99:59:59,999 --> 99:59:59,999
I told the alioth channel

44
99:59:59,999 --> 99:59:59,999
"Hey, if you need help, I can help with
system administration,

45
99:59:59,999 --> 99:59:59,999
not the GForge stuff which is running
above,

46
99:59:59,999 --> 99:59:59,999
but if you need help, tell me."

47
99:59:59,999 --> 99:59:59,999
[Audience] Big mistake

48
99:59:59,999 --> 99:59:59,999
Yeah.

49
99:59:59,999 --> 99:59:59,999
One or two years went by,
and step by step

50
99:59:59,999 --> 99:59:59,999
all alioth admins left.

51
99:59:59,999 --> 99:59:59,999
We were alone in the channel.

52
99:59:59,999 --> 99:59:59,999
And around that time, I detected

53
99:59:59,999 --> 99:59:59,999
"Hey, I have sudo permissions
and I'm admin"

54
99:59:59,999 --> 99:59:59,999
Somebody made me an admin.

55
99:59:59,999 --> 99:59:59,999
So, I had to decide that I will be
the person that is the future alioth admin

56
99:59:59,999 --> 99:59:59,999
and I stepped in.

57
99:59:59,999 --> 99:59:59,999
So it was the beginning of our alioth
journey.

58
99:59:59,999 --> 99:59:59,999
Then, in DebConf15, we had a long
'Birds of a Feather'

59
99:59:59,999 --> 99:59:59,999
where we talked about several security
problems in collab-maint,

60
99:59:59,999 --> 99:59:59,999
some of you are maybe not aware of it,

61
99:59:59,999 --> 99:59:59,999
but since we use git at filesystem level
on alioth,

62
99:59:59,999 --> 99:59:59,999
we are introducing a number of interesting
security problems

63
99:59:59,999 --> 99:59:59,999
like if someone writes a hook, that hook
gets executed every time someone pushes.

64
99:59:59,999 --> 99:59:59,999
So you have basically shell access.

65
99:59:59,999 --> 99:59:59,999
And of course you execute it as
your own uid.

66
99:59:59,999 --> 99:59:59,999
So, if some DM (Debian Maintainer) or even
not DM, nearly the whole world

67
99:59:59,999 --> 99:59:59,999
has write access to collab-maint,

68
99:59:59,999 --> 99:59:59,999
drops some hooks in,

69
99:59:59,999 --> 99:59:59,999
it can make you execute code on Alioth
at your uid, which is a problem.

70
99:59:59,999 --> 99:59:59,999
We did some things to solve that problem,
but the main problem remained.

71
99:59:59,999 --> 99:59:59,999
So, along that time, we decided that we
would need a successor for git.debian.org.

72
99:59:59,999 --> 99:59:59,999
At that point, we are talking about gitolite

73
99:59:59,999 --> 99:59:59,999
which we evaluated at that time.

74
99:59:59,999 --> 99:59:59,999
However, as ???

75
99:59:59,999 --> 99:59:59,999
Two years went into the land and
nothing real happened,

76
99:59:59,999 --> 99:59:59,999
we just played with it.

77
99:59:59,999 --> 99:59:59,999
Then, May 2017, a thread comes up,
"Moving away from fusionforge".

78
99:59:59,999 --> 99:59:59,999
What nobody was really aware of, is that
alioth is on a Wheezy machine

79
99:59:59,999 --> 99:59:59,999
and Wheezy is ??? out of security
support end of the month.

80
99:59:59,999 --> 99:59:59,999
So time was running up.

81
99:59:59,999 --> 99:59:59,999
The thread was long as usual on
debian-devel and

82
99:59:59,999 --> 99:59:59,999
we decided to do a few steps, like
evaluating things

83
99:59:59,999 --> 99:59:59,999
and in June 2017, I did a survey about
our new alioth services.

84
99:59:59,999 --> 99:59:59,999
It was clear at that point that I wouldn't
be able to maintain all the things

85
99:59:59,999 --> 99:59:59,999
alioth had in the future

86
99:59:59,999 --> 99:59:59,999
so we decided to just bring over
the important things.

87
99:59:59,999 --> 99:59:59,999
What is important? For everyone,
everything else is important

88
99:59:59,999 --> 99:59:59,999
so I decided to do a survey which was
pretty successful

89
99:59:59,999 --> 99:59:59,999
with a few hundreds submissions.

90
99:59:59,999 --> 99:59:59,999
Then, in…

91
99:59:59,999 --> 99:59:59,999
Then we evaluated… "we" as probably "me",

92
99:59:59,999 --> 99:59:59,999
evaluated a few solutions, named pagure,
which is the git solution Fedora is using,

93
99:59:59,999 --> 99:59:59,999
which is a Python thing based on gitolite,

94
99:59:59,999 --> 99:59:59,999
gitlab, which is the biggest Github
competitor

95
99:59:59,999 --> 99:59:59,999
gogs/gitea, which is some golang-based
small git service.

96
99:59:59,999 --> 99:59:59,999
pagure turned out to be not stable enough
for our needs

97
99:59:59,999 --> 99:59:59,999
and we would have to do to much coding
inside pagure to use it in our infrastructure

98
99:59:59,999 --> 99:59:59,999
because pagure is very strongly ???
with the Fedora infrastructure,

99
99:59:59,999 --> 99:59:59,999
specially its user authentication and
user management stuff.