[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: DDP project on Alioth



On Fri, Jan 30, 2004 at 10:38:35PM +0100, Osamu Aoki wrote:
> > I already asked for this and it should have been done _before_ moving the
> > DDP project for Alioth. I could only check the latest HEAD branch against
> > several HEAD copies (mine included) and all changes looked ok to me, but
> > was not able to review all the history for the scripts.
> 
> OK, ... but realistically what is the danger to have non-HEAD branch
> containing malicious data.  If it is script, there may be remote chance
> but if it is document itself, I see almost null chance.

As Joy said already, and I do agree. There's no danger in not checking 
non-HEAD branches of documents, there is a slight problem with scripts, 
specially since those get run on our infraestructure. Both HEAD and history 
should be carefully reviewed. It's not something I demand, it is something 
that debian-admin demands for all CVS services before they are restored. 

> > That would be all the list of 'users' in the old CVSRoot. You could also
> > gather one based on the history of changes of all the documents. BTW, have
> > you contacted the translation teams at all?
> 
> He is doing it now.  DDP members active are supposed to be reading this
> list.  It is good way to ping actives.

There are DDP members that are not reading the list. Notably, a number of 
translators are probably not subscribed to this list.

> I am practical.  I am not pushing this.  What is wrong to move to
> alioth.  It is CVS afterall.  Just different hostname.

I'm not against moving stuff to Alioth, as I've already said. I'm against 
doing it without contacting everyone, also without following the steps 
requested by Debian admins:
http://lists.debian.org/debian-devel-announce/2003/debian-devel-announce-200312/msg00001.html
(see "When is [my/foo] service coming back(, you [etc.])?"

> > Do you have a clear plan on how to have gluck regenerate all the 
> > documentation in HTML format based on the Alioth sources? Have 
> > you discussed this with debian-admin@? 
> 
> Yes, that a goos idea.  Ask them to provide tar of CVSROOT.  Wait... it
> looks like everything has moved.  I do not see it on gluck.  :-)  I
> guess Francesco or Pierre relocated it already.

¿? I'm not talking about they providing a tar, I'm talking about how is 
www.debian.org/doc going to get updated when the sources are up at Alioth. 
Since gluck had both the CVS and the the WWW repository it was trivial to 
have a cronjob to run the stuff, I'm not that sure admin's will like to run 
scripts in gluck that are extracted from Alioth in a cronjob, that has a 
lot of potential for abuse.

> 
> > Also notice that for some users of the DDP, including myself, the history 
> > is as important as the documents themselves. Please preserve it too.
> 
> I understand this but I assume your interest is mostly document SGML.
> Am I wrong?

Yes, the history of scripts is also important.

> I agree that this is not a decission to be taken lightly.  But I
> appreciate initiative and efforts taken by the people who put their
> efforts.

I appreciate initiative and effort when done properly. This is not being 
done properly.

> You know, having working CVS is better than nothing for DDP.

Having a CVS that doesn't get published anywhere defeats the whole purpose 
of the DDP.

Regards

Javi

Attachment: signature.asc
Description: Digital signature


Reply to: