Hi,
After hearing many opinions and rethinking, I thought about somewhat
agreeable plan for everyone participated in this discussion.
I hope this is clear enough.
Basic concept:
* Gradual move to alioth.debian.org from gluck.debian.org
* Give as much freedom to each owner of tree.
* Transition without any service interruption
* No 2 CVSROOTs required to track DDP (per project basis)
* Single directory per project. (No funny split archive.)
* Minimum red tape due to admin activity.
* DDP restoration (initial)
Restore DDP as it used to be at cvs.debian.org (gluck) without pserver
as soon as Debian admin enable it. This will be the official DDP CVS.
* manpages tree
This has already moved activity to alioth.debian.org (quantz) and it
should stay there. Currently no script run for this tree thus no issue.
> Q: What to do with manpages tree at cvs.debian.org (gluck)
* manuals.sgml/* activities
I envision multi-phase gradual move. Every phase change requires at
least 1 week advanced notice on ML.
===== Phase 1 =====
* cvs.debian.org (gluck)
The cvs.debian.org (gluck) will be updated by the DDs as soon as it is
available to DD. This is the official DDP CVS. The lack of reactivation
by the Debian admin will not stop following action.
The build script in each subdirectory needs to be reviewed for secure
building of web pages.
* alioth.debian.org (quantz)
At this phase, this is optional service to DDP manual author community.
Since some tree owners (like me) who gets frequent translation updates
needs alioth.debian.org type cvs environment to continue activity with
the translators, we will allow them to open CVS tree under
/cvsroot/ddp/ddp/manuals/ at alioth.debian.org now.
The new name of directory in alioth will match with the main web page
starting directory name for the consistency.
For those trees which the owner does not participate in alioth will have
empty contents. The directory may be created manually by other PM other
than the owner. (Those owner who feel strong may place a directory
named "DO_NOT_USE_THIS" or similar to indicate his intents.)
For those trees which the owner activates cvs in alioth will have
RCS files copied from old DDP or other sources which the owner (PM)
deems most secure and clean. This is done by scp/tar.
Whoever is the owner of these active trees in alioth is responsible for
updating gluck side of tree.
If some script for the secure maintenance of archives are written, they
should be put under /cvsroot/ddp/ddp/utils/script/*
Proposed security infrastructure includes but not limited to:
* MD5sum+GPG signature type file verification scheme for executable
files.
* CVS commit access control script via /CVSROOT/commitinfo ALL
Also /cvsroot/ddp/ddp/Makefile needs to be updated to be secure.
===== Phase 2 =====
When the alioth gains build infrastructure with agreeable security
fixes, and all sources are reviewed for the secure building in gluck or
elsewhere, announcement of Phase 2 readiness will be made.
All RCS files of all trees will be made available on alioth (If needed
copied from gluck by the owner. If owner does not copy them within a
week, then other PM will copy them.) At this phase these trees copied
from gluck shall be read only (i.e. disable group write access to the
directory).
===== Phase 3 =====
Request admin to redirect CVSROOT to alioth side.
Wait for the admin to change cvs checkout script.
Fix build glitches if needed.
If the owner of tree chose to use gluck cvs as upstream, he can keep
doing so up until now.
===== Phase 4 =====
As soon as the admin changes cvs checkout script to pint to alioth CVS,
someone make announcement of freeze of cvs on gluck side. (We must wait
for admin action to move to this phase.)
Within a week, each owner shall copy latest RCS files from gluck to
alioth and set their directories as group writable by ddp group.
(This means removing old read only directories and their contents.)
If owner does not copy them within a week, then other PM will perform
this transition task. After this announce the success of transition.
At this time, alioth.debian.org (quantz) becomes official CVS for DDP.
Fix build glitches if needed.
After a month or so, we can ask admin to do rm -rf all CVS files on
gluck.
Osamu
NB: alioth is short for alioth.debian.org hosted at quantz
gluck is short for gluck.debian.org and this host cvs.debian.org
which used to host DDP CVS. Now DDP CVS is moved to /home/oldgluck.
The "tree" means each unit directory tree such as "apt-howto",
"developers-reference", "debian-reference" or
"securing-debian-howto".
Attachment:
signature.asc
Description: Digital signature