Hi, After hearing many opinions and rethinking, I thought about somewhat agreeable plan for everyone participated in this discussion. I hope this is clear enough. Basic concept: * Gradual move to alioth.debian.org from gluck.debian.org * Give as much freedom to each owner of tree. * Transition without any service interruption * No 2 CVSROOTs required to track DDP (per project basis) * Single directory per project. (No funny split archive.) * Minimum red tape due to admin activity. * DDP restoration (initial) Restore DDP as it used to be at cvs.debian.org (gluck) without pserver as soon as Debian admin enable it. This will be the official DDP CVS. * manpages tree This has already moved activity to alioth.debian.org (quantz) and it should stay there. Currently no script run for this tree thus no issue. > Q: What to do with manpages tree at cvs.debian.org (gluck) * manuals.sgml/* activities I envision multi-phase gradual move. Every phase change requires at least 1 week advanced notice on ML. ===== Phase 1 ===== * cvs.debian.org (gluck) The cvs.debian.org (gluck) will be updated by the DDs as soon as it is available to DD. This is the official DDP CVS. The lack of reactivation by the Debian admin will not stop following action. The build script in each subdirectory needs to be reviewed for secure building of web pages. * alioth.debian.org (quantz) At this phase, this is optional service to DDP manual author community. Since some tree owners (like me) who gets frequent translation updates needs alioth.debian.org type cvs environment to continue activity with the translators, we will allow them to open CVS tree under /cvsroot/ddp/ddp/manuals/ at alioth.debian.org now. The new name of directory in alioth will match with the main web page starting directory name for the consistency. For those trees which the owner does not participate in alioth will have empty contents. The directory may be created manually by other PM other than the owner. (Those owner who feel strong may place a directory named "DO_NOT_USE_THIS" or similar to indicate his intents.) For those trees which the owner activates cvs in alioth will have RCS files copied from old DDP or other sources which the owner (PM) deems most secure and clean. This is done by scp/tar. Whoever is the owner of these active trees in alioth is responsible for updating gluck side of tree. If some script for the secure maintenance of archives are written, they should be put under /cvsroot/ddp/ddp/utils/script/* Proposed security infrastructure includes but not limited to: * MD5sum+GPG signature type file verification scheme for executable files. * CVS commit access control script via /CVSROOT/commitinfo ALL Also /cvsroot/ddp/ddp/Makefile needs to be updated to be secure. ===== Phase 2 ===== When the alioth gains build infrastructure with agreeable security fixes, and all sources are reviewed for the secure building in gluck or elsewhere, announcement of Phase 2 readiness will be made. All RCS files of all trees will be made available on alioth (If needed copied from gluck by the owner. If owner does not copy them within a week, then other PM will copy them.) At this phase these trees copied from gluck shall be read only (i.e. disable group write access to the directory). ===== Phase 3 ===== Request admin to redirect CVSROOT to alioth side. Wait for the admin to change cvs checkout script. Fix build glitches if needed. If the owner of tree chose to use gluck cvs as upstream, he can keep doing so up until now. ===== Phase 4 ===== As soon as the admin changes cvs checkout script to pint to alioth CVS, someone make announcement of freeze of cvs on gluck side. (We must wait for admin action to move to this phase.) Within a week, each owner shall copy latest RCS files from gluck to alioth and set their directories as group writable by ddp group. (This means removing old read only directories and their contents.) If owner does not copy them within a week, then other PM will perform this transition task. After this announce the success of transition. At this time, alioth.debian.org (quantz) becomes official CVS for DDP. Fix build glitches if needed. After a month or so, we can ask admin to do rm -rf all CVS files on gluck. Osamu NB: alioth is short for alioth.debian.org hosted at quantz gluck is short for gluck.debian.org and this host cvs.debian.org which used to host DDP CVS. Now DDP CVS is moved to /home/oldgluck. The "tree" means each unit directory tree such as "apt-howto", "developers-reference", "debian-reference" or "securing-debian-howto".
Description: Digital signature