Ok, welcome back to the second session of the day. It's going to be Alexander Wirt talking about salsa.debian.org.

[Applause]

Thank you, good morning. I usually don't give talks in English, so please be nice to me. However, I'm here. I want to talk today about our journey from Alioth, which is still running, but not for long anymore, to our new service, salsa. I want to get a little bit into the history of old things and what we have already achieved, what we still need to achieve and what are our plans for the future.

Let's start with the basic things, who am I. I am the guy who rejects the mails on lists.debian.org, I am a listmaster. I am the guy that rejects your backports. I am the backports ftp master. And I am the guy that will destroy alioth.debian.org. For the last ten years

[Applause]

I was an admin by accident of alioth.debian.org. This is another story I will tell you in a few minutes. Aside from that, I work as an OpenSource consultant at credativ, which is a small company in Germany which is specialized in OpenSource, we only do OpenSource consulting in Germany. We do what today is called DevOps, we do every kind of consulting. If you do something with OpenSource, we are probably the ones you can talk with.

I am a father of two wonderful girls, they're not here unfortunately, but otherwise I wouldn't be able to work. And in my little bit of spare time, I do role playing games and tabletop games.

In theory there should be a picture now. There's a picture missing, I don't know why, which should tell "We need you". A little bit of advertisement, if you want to do OpenSource work in Germany, paid, and you need a job, please talk to me. We are always looking for good people, especially in C development, kernel development, but also of course consulting. So please talk to me.

Some steps in history. Some years ago, ??? 2008, 2009, I told the alioth channel "Hey, if you need help, I can help with system administration, not the GForge stuff which is running above, but if you need help, tell me."

[Audience] Big mistake

Yeah. One or two years went by, and step by step all alioth admins left. We were alone in the channel. And around that time, I detected "Hey, I have sudo permissions and I'm admin". Somebody made me an admin. So, I had to decide that I will be the person that is the future alioth admin and I stepped in. So it was the beginning of our alioth journey.

Then, in DebConf15, we had a long 'Birds of a Feather' where we talked about several security problems in collab-maint, some of you are maybe not aware of it, but since we use git at filesystem level on alioth, we are introducing a number of interesting security problems, like if someone writes a hook, that hook gets executed every time someone pushes. So you have basically shell access. And of course you execute it as your own uid. So, if some DM (Debian Maintainer) or even not DM, nearly the whole world has write access to collab-maint, drops some hooks in, it can make you execute code on Alioth at your uid, which is a problem. We did some things to solve that problem, but the main problem remained.

So, along that time, we decided that we would need a successor for git.debian.org. At that point, we are talking about gitolite, which we evaluated at that time. However, as ??? Two years went into the land and nothing real happened, we just played with it.

Then, May 2017, a thread comes up, "Moving away from fusionforge". What nobody was really aware of, is that alioth is on a Wheezy machine and Wheezy is ??? out of security support end of the month. So time was running up.

The thread was long as usual on debian-devel and we decided to do a few steps, like evaluating things, and in June 2017, I did a survey about our new alioth services. It was clear at that point that I wouldn't be able to maintain all the things alioth had in the future, so we decided to just bring over the important things. What is important? For everyone, everything else is important, so I decided to do a survey which was pretty successful, with a few hundred submissions.

Then, in… Then we evaluated… "we" as probably "me", evaluated a few solutions, named pagure, which is the git solution Fedora is using, which is a Python thing based on gitolite, gitlab, which is the biggest GitHub competitor, gogs/gitea, which is some golang-based small git service.

pagure turned out to be not stable enough for our needs and we would have to do too much coding inside pagure to use it in our infrastructure, because pagure is very strongly ??? with the Fedora infrastructure, especially its user authentication and user management stuff.

Gitlab had another problem called "opencore" and "contributor license agreement", which means I and others were not very happy with contributing code to Gitlab, which is something that will always happen if you maintain such a service.

And gogs and gitea is nice but it's small. It will not be able to manage 10,000s of repositories.

Next step happened in August 2017 when we had a sprint here in Hamburg at the hackerlab CCC on the other side of the building, where we talked about it. After long discussions, we decided to go with Gitlab because Gitlab, at that point, was the best solution that was already ready. We didn't have to adapt too much, we don't need to patch it, which turned out it isn't true, but it's another problem. It had features like continuous integration ready, it had features like code review ready, wiki pretty good working and ??? very scalable in all directions. Every component is scalable which is good for us.

This is a TODO point, I wanted to add an image about the restaurant where we decided on the name "salsa". Some of you may ask yourselves where the name is coming from. There's a small Mexican restaurant a few hundred meters from here where you can get great burritos and they have a painting at the back with the term "salsa" written, and we were deciding on a name which just not describes the type of service on it, so we wanted… Yes, it's also a sauce. So salsa had sauce. I wanted to call it Klaus, but we decided against it, so somebody came up in the restaurant with the name "salsa" and so it's called salsa.

In the meanwhile, we talked a lot with the Gitlab people, which were very kind and helped us with our problems. We also talked with them about the CLA problem and after some discussions, the lawyer of SPI was also involved, we made them remove the CLA and replace it with something better. Contributing patches to Gitlab is now much easier and better, which is something we are very proud of.

[Applause]