
Re: concerns about Salsa

On Thu, 2018-06-07 at 18:14 +0200, Tollef Fog Heen wrote:
> Packages do not imply automation (lots of people maintain machines
> by logging into each one and running apt by hand and $EDITOR on their
> configuration files; I suspect this applies to the majority of
> desktops and laptops by people on this list), and git repositories do
> not imply not-automation.  Those are simply transport mechanisms for
> bits and the level of automation you use is not decided by git-vs-
> packages.

No, distros are not "just transport mechanisms".  In particular they
allow security patch upgrades to be automated by doing several things.
One is automatically scanning for them and installing them, which some
rare packages do provide (e.g., browsers), and the second is supplying
backported security patches, which gives a good enough guarantee it
will be backward compatible that I let them through without testing.

I'll drive the point home with yesterday's (literally yesterday's)
headline: "Three months later, a mass exploit of powerful Web servers
continues".  The headline is referring to the 1000s of unpatched
Drupal servers out there, unpatched because patching required upgrading
to the latest version, which is too hard.  WordPress sites using the
Debian package with unattended upgrades installed would likely have
been patched before news of the exploit made the headlines.

In a nod to Salsa's team, they have taken the road you suggest and
automated everything they can with Ansible.  And yes, it's true the
burden of supplying these security back patches may fall on them, so
packaging it would not save them time.  But that's how it works for
DDs - we don't do this for our benefit, it's the rest of the world
that benefits.

> For debian.org hosts, the choice is primarily a matter of privilege
> separation: Service owners generally don't have root on the hosts,
> and so if they are to be able to update the service configuration,
> the service must run as a user they have access to or we need to
> build control planes with access controls which allow service owners
> to control their service.  DSA has root on the hosts and maintains
> those but we don't run all our services, so we'd rather not be on
> the critical path for updating various services (which we'd need to
> be if those came from packages).

I accept that doesn't leave the Salsa team with much choice, but it
still leaves me scratching my head.  Containers / VPSs / VMs have been
a thing for years now.  They solve this separation problem in a way
that reduces the workload for everyone.
