[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Switching the tracker to git

Hi Micah,

On Sun, Sep 14, 2014 at 07:06:46PM -0400, micah wrote:
> 
> Hello,
> 
> As it stands now, the security tracker is using subversion. 
> 
> Here are the facts as far as I can tell:
> 
> . people doing work on the tracker are using svn to commit
> . h01ger is doing a regular git-svn import of the tracker repository
> . there is a regular cron job run by joeyh that does the automatic updates:
>   joeyh r28744 data/CVE/list * automatic update
> . the web interface probably has some automated process to pull the
> latest updates over svn
> 
> My guess is that the only reason that subversion is still used is
> inertia and that people would be happier with git. However, I'm curious
> to know if anyone thinks otherwise?
> 
> I don't exactly have the time right now to volunteer for changing
> things, but I thought that the first step would be to see what people
> thought, and then maybe if it was clear what people's preferences were,
> perhaps someone might volunteer!

Yep basically it was the following: We discussed this at the security
team meeting were agreein on switching to git but it is not moving
forward due to lack of time and volunteers. But also it is not only
the repository but some components around which need to be considered,
as you pointed out above.

When converting the svn repository to git also a author name list
needs to be created just before making the move[1]. I was involved in
such a project for the Debian Perl Group svn to git conversion moving
~2000 packages in one svn repo to git. It is simpler here! :). Just
after the security team meeting I did an unofficial PoC for this, so
can confirm this works. We had a little amount of disussion about
this, but this unforunately part of it happend on the team alias
email, so was not public. I never went further ahead.

 [1] http://git-scm.com/book/en/Git-and-Other-Systems-Migrating-to-Git

http://anonscm.debian.org/cgit/collab-maint/secure-testing.git/.git/
is a start, but the repository needs to be properly converted by
generating an svn author list.

joeyh's cronjob needs to be moved to the role account which we have
now already. Raphael Geisert requested it.

The setup on soler (the security-tracker.d.o hosting host) will also
need adjustment to the conversion before we would go live (cronjobs,
checkouts triggered by commit mails, ...). The setup
there relies on the svn checkout right now, it is documented in the
soler.txt file in the repository.

SVN hooks needs to be convered. E.g. the one which does some sanity
check as precommit.

One other point we wanted to do (see the minutes from the meeting,
should be documented there) in one go was to rename the project from
secure-testing to something else, since it is long already not about
secure-testing. But this probably could be split. I have asked for
this alioth admins how easily we could rename an existing project to
something else, but have not got a reply on this.

Ah yes there is also
https://contributors.debian.org/source/Debian%20Security%20Tracker :)

It is in my pov good to move to git, There are some aspects which need
to be considered before the move, as we absolutely need to have a
working security-tracker instance for the security team's work. Work
was relatively hard and stalled in some parts when alioth wen down as
a example.

Regards,
Salvatore
Reply to: