WEBVTT

99:59:59.999 --> 99:59:59.999
Ok, welcome back to the second session of the day.

99:59:59.999 --> 99:59:59.999
It's going to be Alexander Wirt talking about salsa.debian.org.

99:59:59.999 --> 99:59:59.999
[Applause]

99:59:59.999 --> 99:59:59.999
Thank you, good morning.

99:59:59.999 --> 99:59:59.999
I usually don't give talks in English, so please be nice to me.

99:59:59.999 --> 99:59:59.999
However, I'm here.

99:59:59.999 --> 99:59:59.999
I want to talk today about our journey for Alioth

99:59:59.999 --> 99:59:59.999
which is still running, but not for long anymore,

99:59:59.999 --> 99:59:59.999
to our new service, salsa.

99:59:59.999 --> 99:59:59.999
I want to get a little bit into the history of old things

99:59:59.999 --> 99:59:59.999
and what we have already achieved, what we still need to achieve

99:59:59.999 --> 99:59:59.999
and what are our plans for the future.

99:59:59.999 --> 99:59:59.999
Let's start with the basic things, who am I.

99:59:59.999 --> 99:59:59.999
I am the guy who rejects the mails on lists.debian.org,

99:59:59.999 --> 99:59:59.999
I am a listmaster.

99:59:59.999 --> 99:59:59.999
I am the guy that rejects your backports.

99:59:59.999 --> 99:59:59.999
I am the backports ftp master.

99:59:59.999 --> 99:59:59.999
And I am the guy that will destroy alioth.debian.org.

99:59:59.999 --> 99:59:59.999
For the last ten years

99:59:59.999 --> 99:59:59.999
[Applause]

99:59:59.999 --> 99:59:59.999
I was an admin by accident of alioth.debian.org.

99:59:59.999 --> 99:59:59.999
This is another story I will tell you in a few minutes.

99:59:59.999 --> 99:59:59.999
Beside from that, I work as an OpenSource consultant at credativ,

99:59:59.999 --> 99:59:59.999
which is a small company in Germany which is specialized in OpenSource,

99:59:59.999 --> 99:59:59.999
we only do OpenSource consulting in Germany.

99:59:59.999 --> 99:59:59.999
We do what today is called DevOps, we do every kind of consulting.

99:59:59.999 --> 99:59:59.999
If you do something with OpenSource, we are probably the ones you can talk with.

99:59:59.999 --> 99:59:59.999
I am a father of two wonderful girls,

99:59:59.999 --> 99:59:59.999
they're not here unfortunately,

99:59:59.999 --> 99:59:59.999
but otherwise I wouldn't be able to work.

99:59:59.999 --> 99:59:59.999
And in my little bit spare time, I do role playing games and Tabletop games.

99:59:59.999 --> 99:59:59.999
In theory there should be a picture now.

99:59:59.999 --> 99:59:59.999
There's a picture missing, I don't know why,

99:59:59.999 --> 99:59:59.999
which should tell "We need you".

99:59:59.999 --> 99:59:59.999
A little bit of advertisement, if you want to do OpenSource work in Germany,

99:59:59.999 --> 99:59:59.999
paid,

99:59:59.999 --> 99:59:59.999
and you need a job, please talk to me.

99:59:59.999 --> 99:59:59.999
We are always looking for good people, especially in C development,

99:59:59.999 --> 99:59:59.999
kernel development, but also of course consulting.

99:59:59.999 --> 99:59:59.999
So please talk to me.

99:59:59.999 --> 99:59:59.999
Some steps in history.

99:59:59.999 --> 99:59:59.999
Some years ago, ??? 2008, 2009,

99:59:59.999 --> 99:59:59.999
I told the alioth channel

99:59:59.999 --> 99:59:59.999
"Hey, if you need help, I can help with system administration,

99:59:59.999 --> 99:59:59.999
not the GForge stuff which is running above,

99:59:59.999 --> 99:59:59.999
but if you need help, tell me."

99:59:59.999 --> 99:59:59.999
[Audience] Big mistake

99:59:59.999 --> 99:59:59.999
Yeah.

99:59:59.999 --> 99:59:59.999
One or two years went by, and step by step

99:59:59.999 --> 99:59:59.999
all alioth admins left.

99:59:59.999 --> 99:59:59.999
We were alone in the channel.

99:59:59.999 --> 99:59:59.999
And around that time, I detected

99:59:59.999 --> 99:59:59.999
"Hey, I have sudo permissions and I'm admin"

99:59:59.999 --> 99:59:59.999
Somebody made me an admin.

99:59:59.999 --> 99:59:59.999
So, I had to decide that I will be the person that is the future alioth admin

99:59:59.999 --> 99:59:59.999
and I stepped in.

99:59:59.999 --> 99:59:59.999
So it was the beginning of our alioth journey.

99:59:59.999 --> 99:59:59.999
Then, in DebConf15, we had a long 'Birds of a Feather'

99:59:59.999 --> 99:59:59.999
where we talked about several security problems in collab-maint,

99:59:59.999 --> 99:59:59.999
some of you are maybe not aware of it,

99:59:59.999 --> 99:59:59.999
but since we use git at filesystem level on alioth,

99:59:59.999 --> 99:59:59.999
we are introducing a number of interesting security problems

99:59:59.999 --> 99:59:59.999
like if someone writes a hook, that hook gets executed every time someone pushes.

99:59:59.999 --> 99:59:59.999
So you have basically shell access.

99:59:59.999 --> 99:59:59.999
And of course you execute it as your own uid.

99:59:59.999 --> 99:59:59.999
So, if some DM (Debian Maintainer) or even not DM, nearly the whole world

99:59:59.999 --> 99:59:59.999
has write access to collab-maint,

99:59:59.999 --> 99:59:59.999
drops some hooks in,

99:59:59.999 --> 99:59:59.999
it can make you execute code on Alioth at your uid, which is a problem.

99:59:59.999 --> 99:59:59.999
We did some things to solve that problem, but the main problem remained.

99:59:59.999 --> 99:59:59.999
So, along that time, we decided that we would need a successor for git.debian.org.

99:59:59.999 --> 99:59:59.999
At that point, we are talking about gitolite

99:59:59.999 --> 99:59:59.999
which we evaluated at that time.

99:59:59.999 --> 99:59:59.999
However, as ???

99:59:59.999 --> 99:59:59.999
Two years went into the land and nothing real happened,

99:59:59.999 --> 99:59:59.999
we just played with it.

99:59:59.999 --> 99:59:59.999
Then, May 2017, a thread comes up, "Moving away from fusionforge".

99:59:59.999 --> 99:59:59.999
What nobody was really aware of, is that alioth is on a Wheezy machine

99:59:59.999 --> 99:59:59.999
and Wheezy is ??? out of security support end of the month.

99:59:59.999 --> 99:59:59.999
So time was running up.

99:59:59.999 --> 99:59:59.999
The thread was long as usual on debian-devel and

99:59:59.999 --> 99:59:59.999
we decided to do a few steps, like evaluating things

99:59:59.999 --> 99:59:59.999
and in June 2017, I did a survey about our new alioth services.

99:59:59.999 --> 99:59:59.999
It was clear at that point that I wouldn't be able to maintain all the things

99:59:59.999 --> 99:59:59.999
alioth had in the future

99:59:59.999 --> 99:59:59.999
so we decided to just bring over the important things.

99:59:59.999 --> 99:59:59.999
What is important? For everyone, everything else is important

99:59:59.999 --> 99:59:59.999
so I decided to do a survey which was pretty successful

99:59:59.999 --> 99:59:59.999
with a few hundreds submissions.

99:59:59.999 --> 99:59:59.999
Then, in…

99:59:59.999 --> 99:59:59.999
Then we evaluated… "we" as probably "me",

99:59:59.999 --> 99:59:59.999
evaluated a few solutions, named pagure, which is the git solution Fedora is using,

99:59:59.999 --> 99:59:59.999
which is a Python thing based on gitolite,

99:59:59.999 --> 99:59:59.999
gitlab, which is the biggest GitHub competitor

99:59:59.999 --> 99:59:59.999
gogs/gitea, which is some golang-based small git service.

99:59:59.999 --> 99:59:59.999
pagure turned out to be not stable enough for our needs

99:59:59.999 --> 99:59:59.999
and we would have to do too much coding inside pagure to use it in our infrastructure

99:59:59.999 --> 99:59:59.999
because pagure is very strongly ??? with the Fedora infrastructure,

99:59:59.999 --> 99:59:59.999
specially its user authentication and user management stuff.