-
Not Synced
Ok, welcome back to the second session
of the day.
-
Not Synced
It's going to be Alexander Wirt talking
about salsa.debian.org.
-
Not Synced
[Applause]
-
Not Synced
Thank you, good morning.
-
Not Synced
I usually don't give talks in english,
so please be nice to me.
-
Not Synced
However, I'm here.
-
Not Synced
I want to talk today about our journey
for Alioth
-
Not Synced
which is still running, but not for long
anymore,
-
Not Synced
to our new service, salsa.
-
Not Synced
I want to get a little bit into the history
of old things
-
Not Synced
and what we have already achieved,
what we still need to achieve
-
Not Synced
and what are our plans for the future.
-
Not Synced
Let's start with the basic things,
who am I.
-
Not Synced
I am the guy who rejects the mails
on lists.debian.org,
-
Not Synced
I am a listmaster.
-
Not Synced
I am the guy that rejects your backports.
-
Not Synced
I am the backports ftp master.
-
Not Synced
And I am the guy that will destroy
alioth.debian.org.
-
Not Synced
For the last ten years
-
Not Synced
[Applause]
-
Not Synced
I was an admin by accident of
alioth.debian.org.
-
Not Synced
This is another story I will tell you
in a few minutes.
-
Not Synced
Beside from that, I work as an OpenSource
consultant at credativ,
-
Not Synced
which is a small company in Germany
which is specialized in OpenSource,
-
Not Synced
we only do OpenSource consulting
in Germany.
-
Not Synced
We do what today is called DevOps,
we do every kind of consulting.
-
Not Synced
If you do something with OpenSource,
we are probably the ones you can talk with.
-
Not Synced
I am a father of two wonderful girls,
-
Not Synced
they're not here unfortunately,
-
Not Synced
but otherwise I wouldn't be able
to work.
-
Not Synced
And in my little bit spare time, I do
role playing games and Tabletop games.
-
Not Synced
In theory there should be a picture now.
-
Not Synced
There's a picture missing,
I don't know why,
-
Not Synced
which should tell "We need you".
-
Not Synced
A little bit of advertisement, if you
want to do OpenSource work in Germany,
-
Not Synced
paid,
-
Not Synced
and you need a job, please talk to me.
-
Not Synced
We are always looking for good people,
especially in C development,
-
Not Synced
kernel development, but also of course
consulting.
-
Not Synced
So please talk to me.
-
Not Synced
Some steps in history.
-
Not Synced
Some years ago, ???
2008, 2009,
-
Not Synced
I told the alioth channel
-
Not Synced
"Hey, if you need help, I can help with
system administration,
-
Not Synced
not the GForge stuff which is running
above,
-
Not Synced
but if you need help, tell me."
-
Not Synced
[Audience] Big mistake
-
Not Synced
Yeah.
-
Not Synced
One or two years went by,
and step by step
-
Not Synced
all alioth admins left.
-
Not Synced
We were alone in the channel.
-
Not Synced
And around that time, I detected
-
Not Synced
"Hey, I have sudo permissions
and I'm admin"
-
Not Synced
Somebody made me an admin.
-
Not Synced
So, I had to decide that I will be
the person that is the future alioth admin
-
Not Synced
and I stepped in.
-
Not Synced
So it was the beginning of our alioth
journey.
-
Not Synced
Then, in DebConf15, we had a long
'Birds of a Feather'
-
Not Synced
where we talked about several security
problems in collab-maint,
-
Not Synced
some of you are maybe not aware of it,
-
Not Synced
but since we use git at filesystem level
on alioth,
-
Not Synced
we are introducing a number of interesting
security problems
-
Not Synced
like if someone writes a hook, that hook
gets executed every time someone pushes.
-
Not Synced
So you have basically shell access.
-
Not Synced
And of course you execute it as
your own uid.
-
Not Synced
So, if some DM (Debian Maintainer) or even
not DM, nearly the whole world
-
Not Synced
has write access to collab-maint,
-
Not Synced
drops some hooks in,
-
Not Synced
it can make you execute code on Alioth
at your uid, which is a problem.
-
Not Synced
We did some things to solve that problem,
but the main problem remained.
-
Not Synced
So, along that time, we decided that we
would need a successor for git.debian.org.
-
Not Synced
At that point, we are talking about gitolite
-
Not Synced
which we evaluated at that time.
-
Not Synced
However, as ???
-
Not Synced
Two years went into the land and
nothing real happened,
-
Not Synced
we just played with it.
-
Not Synced
Then, May 2017, a thread comes up,
"Moving away from fusionforge".
-
Not Synced
What nobody was really aware of, is that
alioth is on a Wheezy machine
-
Not Synced
and Wheezy is ??? out of security
support end of the month.
-
Not Synced
So time was running up.
-
Not Synced
The thread was long as usual on
debian-devel and
-
Not Synced
we decided to do a few steps, like
evaluating things
-
Not Synced
and in June 2017, I did a survey about
our new alioth services.
-
Not Synced
It was clear at that point that I wouldn't
be able to maintain all the things
-
Not Synced
alioth had in the future
-
Not Synced
so we decided to just bring over
the important things.
-
Not Synced
What is important? For everyone,
everything else is important
-
Not Synced
so I decided to do a survey which was
pretty successful
-
Not Synced
with a few hundreds submissions.
-
Not Synced
Then, in…
-
Not Synced
Then we evaluated… "we" as probably "me",
-
Not Synced
evaluated a few solutions, named pagure,
which is the git solution Fedora is using,
-
Not Synced
which is a Python thing based on gitolite,
-
Not Synced
gitlab, which is the biggest Github
competitor
-
Not Synced
gogs/gitea, which is some golang-based
small git service.
-
Not Synced
pagure turned out to be not stable enough
for our needs
-
Not Synced
and we would have to do to much coding
inside pagure to use it in our infrastructure
-
Not Synced
because pagure is very strongly ???
with the Fedora infrastructure,
-
Not Synced
specially its user authentication and
user management stuff.
-
Not Synced
Gitlab had an other problem called
"opencore" and
-
Not Synced
"contributor license agreement"
which means
-
Not Synced
I and others were not very happy with
contributing code to Gitlab
-
Not Synced
which is something that will always
happen if you maintain such a service.
-
Not Synced
And gogs and gitea is nice but it's small
-
Not Synced
It will not be able to manage 10,000s
of repositories.
-
Not Synced
Next step happened in August 2017 when
we had a sprint here in Hamburg
-
Not Synced
at the hackerlab CCC on the other side
of the building,
-
Not Synced
where we talked about it.
-
Not Synced
After long discussions, we decided to go
with Gitlab
-
Not Synced
because Gitlab, at that point, was
the best solution that was already ready.
-
Not Synced
We didn't have to adapt too much, we don't
need to patch it
-
Not Synced
which turned out it isn't true, but it's
an other problem
-
Not Synced
It had features like continuous integration
ready,
-
Not Synced
it had features like code review ready,
wiki pretty good working
-
Not Synced
and ??? very scalable
in all directions
-
Not Synced
Every component is scalable which is
good for us.
-
Not Synced
This is a TODO point, I wanted to add
an image about the restaurant
-
Not Synced
where we decided on the name "salsa".
-
Not Synced
Somebody of you may ask yourself where
the name is coming from.
-
Not Synced
There's a small mexican restaurant
a few hundred meters from here
-
Not Synced
where you can get great burritos and
they have a painting at the back
-
Not Synced
with the term "salsa" written
-
Not Synced
and we were deciding on a name which
just not describes the type of service on it
-
Not Synced
so we wanted…
-
Not Synced
Yes, it's also a sauce. So salsa had sauce.
-
Not Synced
I wanted to call it Klaus, but we decided
against it so somebody came up
-
Not Synced
in the restaurant with the name "salsa"
and so it's called salsa.
-
Not Synced
In the meanwhile, we talked a lot with
the Gitlab people
-
Not Synced
which were very kind and helped us
with our problems.
-
Not Synced
We also talked with them about the CLA
problem and after some discussions,
-
Not Synced
the lawyer of SPI was also involved,
-
Not Synced
we made them to remove the CLA
and replace it with something better.
-
Not Synced
Contributing patches to Gitlab is now
much easier and better
-
Not Synced
which is something we are very proud of
-
Not Synced
[Applause]