Discussion:
Plannings for secure-testing repository migration to git
Salvatore Bonaccorso
2017-10-20 15:37:53 UTC
Permalink
Hi

This is intended only as quick heads-up on possible future work for
the next few weeks. As you might know alioth is going to be
decomissioned with the EOL of wheezy and soonish there will be
announced a replacement for the git services.

I did a preliminary git conversion, the data is found in
secure-testing/tools/git-migration/ in particularly a initially
created AUTHORS.txt file with then some manual cleanups.

The resulting git repository is at (and I occasionaly update it),
which can serve for a possible conversion:

https://gitlab.com/carnil/secure-testing/commits/master

(as you see there and in the README, I kept the git-svn-id for those
commits done in the subversion repository, that is good to have for
old references).

In secure-testing/TODO.gitmigration we maintain a list of todos to
keep in mind of when we plan for the svn to git migration of the
secure-testing project.

Please add there points which comes to your mind.

What we would desire is to keep the possibiltiy to keep the commit
mailinglists which is often used in team members commit review
processes.

Thanks for your attention so far, and I would be glad to hear
comments :)

Regards,
Salvatore
Paul Wise
2017-10-21 07:04:42 UTC
Permalink
Post by Salvatore Bonaccorso
What we would desire is to keep the possibiltiy to keep the commit
mailinglists which is often used in team members commit review
processes.
IIRC the folks who are working on the migration have said that commit
lists will be replaced with gitlab's commit notification features.
--
bye,
pabs

https://wiki.debian.org/PaulWise
Salvatore Bonaccorso
2017-12-26 14:29:08 UTC
Permalink
Hi

FTR, so now that the beta for salsa.d.o has been announced I started
to look on what further is needed and recorded further findings in
TODO.gitmigration.

As said, the conversion of the svn repository is just one part, and
this has been done and then later can be imported.

I suggest to as well create a new namespace and project name away from
secure-testing, namely use 'security-tracker', any objection to that?
The project can be shared with the Debian group, so any DD will get
automaticly write access to the security tracker. -guest users will
first need to create an account and then be added.

For the automatic updated of the sectracker user i was pointed to the
'deploy keys', so we do not need to enable a role account in salsa.
Post by Paul Wise
Post by Salvatore Bonaccorso
What we would desire is to keep the possibiltiy to keep the commit
mailinglists which is often used in team members commit review
processes.
IIRC the folks who are working on the migration have said that commit
lists will be replaced with gitlab's commit notification features.
Apart the notification feature, there seem to be as well a 'mail on
push' feature, which matches our need at least for the sectracker
user. Personally I still would have appreciated a commit mailinglist,
since at least Moritz' and mine's review work was done that way so
far. But I realize no option in this direction arised.

I will report back in the next days further updates.

I write mainly this mail as well since there was hardly no feedback on
my original mail, I would appreciate to hear concern, ideas, comments
from both main involved teams (security, lts).

Regards,
Salvatore
Moritz Mühlenhoff
2017-12-26 14:43:38 UTC
Permalink
Hi,
Post by Salvatore Bonaccorso
FTR, so now that the beta for salsa.d.o has been announced I started
to look on what further is needed and recorded further findings in
TODO.gitmigration.
Thanks for looking into this.
Post by Salvatore Bonaccorso
I suggest to as well create a new namespace and project name away from
secure-testing, namely use 'security-tracker', any objection to that?
The project can be shared with the Debian group, so any DD will get
automaticly write access to the security tracker. -guest users will
first need to create an account and then be added.
Sounds good to me.
Post by Salvatore Bonaccorso
Post by Paul Wise
Post by Salvatore Bonaccorso
What we would desire is to keep the possibiltiy to keep the commit
mailinglists which is often used in team members commit review
processes.
IIRC the folks who are working on the migration have said that commit
lists will be replaced with gitlab's commit notification features.
Apart the notification feature, there seem to be as well a 'mail on
push' feature, which matches our need at least for the sectracker
user. Personally I still would have appreciated a commit mailinglist,
since at least Moritz' and mine's review work was done that way so
far. But I realize no option in this direction arised.
How can it be configured who receives a mail on push? Is that a per
user setting?

Cheers,
Moritz
Salvatore Bonaccorso
2017-12-27 11:53:36 UTC
Permalink
Hi
Post by Moritz Mühlenhoff
Hi,
Post by Salvatore Bonaccorso
FTR, so now that the beta for salsa.d.o has been announced I started
to look on what further is needed and recorded further findings in
TODO.gitmigration.
Thanks for looking into this.
Very welcome, I did made some progress today.
Post by Moritz Mühlenhoff
Post by Salvatore Bonaccorso
I suggest to as well create a new namespace and project name away from
secure-testing, namely use 'security-tracker', any objection to that?
The project can be shared with the Debian group, so any DD will get
automaticly write access to the security tracker. -guest users will
first need to create an account and then be added.
Sounds good to me.
Ok I have done so, there is a security-tracker-team group, and below
that a project (aka. repository security-tracker) which will be the
converted git repository for the security-tracker.
Post by Moritz Mühlenhoff
Post by Salvatore Bonaccorso
Post by Paul Wise
Post by Salvatore Bonaccorso
What we would desire is to keep the possibiltiy to keep the commit
mailinglists which is often used in team members commit review
processes.
IIRC the folks who are working on the migration have said that commit
lists will be replaced with gitlab's commit notification features.
Apart the notification feature, there seem to be as well a 'mail on
push' feature, which matches our need at least for the sectracker
user. Personally I still would have appreciated a commit mailinglist,
since at least Moritz' and mine's review work was done that way so
far. But I realize no option in this direction arised.
How can it be configured who receives a mail on push? Is that a per
user setting?
That needs to be done by a project owner and is just a list of email
addresses to be forwarded the push notices via mail. Ideally there one
adds a commit mailinglist if we can have that.

sectracker role account defintively needs to recieve those either
directly by listing the user there or by having it subscribed to the
commits mailinglist.

Regards,
Salvatore
Holger Levsen
2017-12-26 15:36:31 UTC
Permalink
Post by Salvatore Bonaccorso
FTR, so now that the beta for salsa.d.o has been announced I started
to look on what further is needed and recorded further findings in
TODO.gitmigration.
\o/

thanks for doing this work!
Post by Salvatore Bonaccorso
[...] Personally I still would have appreciated a commit mailinglist,
since at least Moritz' and mine's review work was done that way so
far. But I realize no option in this direction arised.
I think a security-tracker-commit maillinglist does make sense on
lists.debian.org as the security tracker is a central part of Debian's
(security) infrastructure. I'd suggest to talk to listmasters about this
(unless you already done this, obviously).
--
cheers,
Holger
Moritz Mühlenhoff
2017-12-26 18:23:18 UTC
Permalink
Post by Holger Levsen
I think a security-tracker-commit maillinglist does make sense on
lists.debian.org as the security tracker is a central part of Debian's
(security) infrastructure. I'd suggest to talk to listmasters about this
(unless you already done this, obviously).
Alex mentioned that this is not desired by listmasters, but no
such request has been made.

So feel free to open a bugreport against lists.debian.org to start
that discussion.

Cheers,
Moritz
Salvatore Bonaccorso
2017-12-27 12:01:25 UTC
Permalink
Hi
Post by Holger Levsen
Post by Salvatore Bonaccorso
FTR, so now that the beta for salsa.d.o has been announced I started
to look on what further is needed and recorded further findings in
TODO.gitmigration.
\o/
thanks for doing this work!
Post by Salvatore Bonaccorso
[...] Personally I still would have appreciated a commit mailinglist,
since at least Moritz' and mine's review work was done that way so
far. But I realize no option in this direction arised.
I think a security-tracker-commit maillinglist does make sense on
lists.debian.org as the security tracker is a central part of Debian's
(security) infrastructure. I'd suggest to talk to listmasters about this
(unless you already done this, obviously).
I asked Alexander on IRC to see if our list would be eligible, but so
far I got no reply.

I think having the commits here on the debian-security-tracker list,
clutters the list too much for the bug recievings and discussions, so
I strongly would prefer a dedicated commits list for the commit
reviews.

Regards,
Salvatore

Loading...