On Thu, 2018-06-07 at 18:14 +0200, Tollef Fog Heen wrote: > Packages does not imply automation (lots of people maintain machines > by logging into each one and running apt by hand and $EDITOR on their > configuration files; I suspect this applies to the majority of > desktops and laptops by people on this list), and git repositories do > not imply not-automation. Those are simply transport mechanisms for > bits and the level of automation you use is not decided by git-vs- > packages. No, distros are not "just transport mechanisms". In particular they allow security patch upgrades to be automated by doing several things. On is automatically scanning for them and installing them which some rare packages do provide (eg, browsers) and the second is supplying back ported security patches which gives a good enough guarantee it will be backward compatible that I let them through without testing. I'll drive the point home with yesterdays (literally yesterdays) headline: "Three months later, a mass exploit of powerful Web servers continues". The headline is referring to the 1000's of unpatched Drupal servers out there, unpatched because patching required upgrading to the latest version which is too hard. Wordpress sites using the Debian package with unattended upgrades installed would likely have been patched before news of the exploit made the headlines. In a nod to Salsa's team, they have taken the road you suggest and automated everything they can with Ansible. And yes, it's true the burden of supplying these security back patches may fall on them, so packaging it would not save them time. But that's how it works for DD's - we don't do this for our benefit, it's the rest of the world that benefits. > For debian.org hosts, the choice is primarily a matter of privilege > separation: Service owners generally don't have root on the hosts, > and so if they are to be able to update the service configuration, > the service must run as a user they have access to or we need to > build control planes with access controls which allow service owners > to control their service. DSA has root on the hosts and maintain > those but we don't run all our services, so we'd rather not be on > the critical path for updating various services (which we'd need to > be if those came from packages). I accept that's doesn't leave the Salsa team with much choice, but it still leaves me scratching my head. Containers / VPS's / VM have been a thing for years now. They solve this separation problem in a way that reduces the workload for everyone.
Description: This is a digitally signed message part