On Tue, 2015-02-24 at 22:09 +0800, Paul Wise wrote: > I'm working on a response to this, we'll discuss it and reply when done. Hopefully the information below is useful, if there is anything more we would suggest doing an interview, perhaps at DebConf. The Debian System Administration (DSA) team is delegated to manage the infrastructure of the Debian project, including machines, core services and relationships with donors of equipment, services and hosting. In practice, a nine person team gets to work through a deluge of email, cron output, monitoring notifications, bouncing Debian member mail, hoster/vendor notifications, spam, weird mail, misdirected questions, hardware that fails to reboot, dying hardware, sick hardware, serial consoles, disk replacements, hardware donations, hardware purchasing, hardware sponsors, hosting sponsors, guest account requests, group member changes, inter-release compatibility issues, service admin prodding, security updates, inter-team co-ordination and much more. Our tools of the trade include Debian stable (and some backports), hardware capable of running amd64 VMs, entropy keys, ganeti, puppet, icinga, munin, ikiwiki, git, postgresql, apache, openldap, gnupg, openssh, bacula, ferm, sudo and a bunch of homegrown scripts. We are interested in automation, reliability, speed, privacy, security, resilience, longevity and try to balance these for the benefit of the Debian project, members, users, derivatives and the wider world. As we have a lot to deal with, we mostly leave the actual running of services to service admins but provide general guidance as well as specific guidance on a case-by-case basis. https://wiki.debian.org/ServicesHosting#Recommended_practices_for_Debian_services A recent achievement was modifying the update-ca-certificates code to allow for multiple X.509 certificate stores and adding puppet bits to ensure the 3 certificate stores we wanted are consistent between hosts. https://lists.debian.org/debian-services-admin/2014/12/msg00000.html An ongoing project is to replace our current old LDAP web/mail frontend with a new one based on Django. https://wiki.debian.org/Teams/DSA/UserdirLdapRewrite If anyone would like to reduce our workload, please take a look at and fix the various bugs that we have filed. https://bugs.debian.org/cgi-bin/pkgreport.cgi?users=debian-admin@lists.debian.org -- bye, pabs https://wiki.debian.org/PaulWise
Attachment:
signature.asc
Description: This is a digitally signed message part