
Re: gitlab for stretch-backports - call for testing



On 02/05/18 6:30 PM, Pirate Praveen wrote:
> Hi team,
> 
> I have rebuilt gitlab and all dependencies for stretch-backports and
> uploaded here https://people.debian.org/~praveen/gitlab/ (about 157 ruby
> packages were rebuilt).

An update on the current status of this effort. After a long wait,
protobuf 3.6 is available in unstable; once it moves to testing,
gitlab can reach testing. Except for packages depending on protobuf, all
other dependencies are now available in stretch-backports (ruby-ed25519,
which was a recent addition when ruby-net-ssh was updated to 5.x, is in
backports-NEW).

> It is starting fine with an initial test, but found some errors in
> production.log. Any help in testing this would be welcome as I hope to
> provide stretch-backports as an upgrade path for gitlab currently in
> stretch (backporting security fixes to 8.13 is very difficult as code
> has diverged too much).

10.8.7 is the last gitlab version supporting ruby 2.3 and it still has
15 security issues against it. We either need to keep backporting the
security issues or update ruby also in stretch-backports (it means
rebuilding all native ruby gems, about 43 of them, with an update to gem2deb).

I will wait till 10.8.7 enters stretch-backports before I work on
updating gitlab to more recent versions.

In the short term, help in backporting the security issues is welcome.

> My initial hope was to provide updates via stretch-backports, but sudden
> explosion of nodejs front end dependencies made that impossible. Now all
> nodejs modules are installed via npm/yarn and gitlab is moved to contrib.
> 
> More than a 100 node module packages are stuck in NEW for over 5-7
> months and not sure how to get it back in main. If you'd like to help,
> please volunteer with ftp team and help process the node modules.

Also the node packages are getting attention from ftp masters with the
decision to reject small packages that should be embedded as per
https://wiki.debian.org/Javascript/Nodejs/NEW

There is also a recent call from ftp masters for more help.
