Re: Finding new home for our builds and other security sensitive stuff
On Mon, Mar 07, 2022 at 06:28:15PM +0100, Bastian Blank wrote:
> On Mon, Mar 07, 2022 at 07:38:50AM -0800, Noah Meyerhans wrote:
> > On Mon, Mar 07, 2022 at 12:11:37PM +0100, Bastian Blank wrote:
> > > I was talking about a Vault for our secrets. That's the priority now.
> > At the moment, yes, but earlier in the thread was discussion of needing
> > ~50 GB of storage and a private Gitlab instance. That's the scenario I
> > want to avoid. It's bad enough that Debian owns one Gitlab
> > installation. A second one isn't going to reduce the burden of doing
> > so.
>
> You can even side track a thread in two e-mails. And we talked about
> using another instance, not necessarily our own. Debian even got
> several Jenkins installation.
I know you're passionate about this, and that's great - but the sniping isn't
called for. It als makes it harder to understand. I think you're saying that
you don't intend on starting a new Gitlab instance just for us, just vault for
now. Is that correct?
We have a meeting scheduled this week, if it's easier to discuss on a call,
that's fine too.
> What do we need?
I agree this is the right question. Basically, we need:
1. source code hosting
2. ci pipelines
3. secret storage
IMO salsa is doing well for #1 and #2 - even with an occasional outage or
falling behind in upgrades. But I also agree that even patched, the delay
between upgrades cycle makes it too risky for #3.
Ross
Reply to: