On 2018-06-05 00:12, Wookey wrote:
On 2018-06-04 21:52 +0000, Clint Adams wrote:On Mon, Jun 04, 2018 at 12:54:32PM +0100, Ian Jackson wrote: > Salsa is hardly the first Debian production service to not be running > the packaged version of its primary application, and it won't be the > last. ftp.debian.org isn't running the packaged version of dak. No, this has been happening forever, and this failure to dogfood has also been a disservice to our users forever.Buildds don't run the packaged version either, and this contributes to it being much harder than it should be to set up local buildd infrastructure. There are good reasons for this from the admin's POV, but the side-effects are signifcant and I'd like us to try harder to use packaged stuff. But I've not done the necessary work myself, so can't really complain. I just observe that it is a real issue for people setting up their own CI infra. One day I may have the tuits to improve things in this area (I plan to start retiring soon, which might help, or may simply introduce different distractions :-)
I have been reimplementing buildd recently and we had this discussion again. As it turns out it's much desired by DSA not to do that, for a bunch of reasons, like the tripwires they set. So it seems that the preferred approach is now to use lingering and let users run their systemd services as their user. So I scrapped the original packaging plan and you end up with a systemd tree that is maintained either by an outside tool or from a git tree.
I still hold that as soon as you are running a production service of some kind you are likely better off not using packages from Debian. You need to respond to outages and patch things and actually be able to do code changes recently quickly in the limited time volunteers have. And using packages not from Debian proper is frowned upon on Debian infrastructure. And to some degree I guess rightly so - as long as we have no trusted infrastructure producing the moral equivalent to PPAs.
Now I don't say that it isn't valuable to have packages in case someone runs something in the background. Just like there should be a solid solution for repository management, there should be one for building. But the infrastructure needs of Debian itself are different.
Kind regards Philipp Kern