PSSC = Product Security Supply Chain, the paperwork-intensive and acronym-happy sub-sect of Product Security.
For example, see https://groups.google.com/u/1/a/redhat.com/g/PSSC-Announce/c/56WCwggY-w4?hl=en&pli=1 Nick On Fri, Jan 21, 2022 at 8:52 AM Max Rydahl Andersen <[email protected]> wrote: > On 20 Jan 2022, at 22:13, Nick Boldt wrote: > > > Thanks, CodeReady Workspaces & Eclipse Che concerns added to > > > https://docs.google.com/spreadsheets/d/1SXlCkp_Ok0vw1ArCA8UjpWAyfqQLfZ96rK3ridnB1Eo/edit#gid=0 > > Thanks. > > > > > > > If PSSC proposes a new place to host these files that's safe enough for > > supply chain security concerns, we can move our content to a new host. > > > > Has anyone from PSSC been looped in on this? > > PSSC? > > /max > > > Nick > > > > > > On Thu, Jan 20, 2022 at 3:03 PM Max Rydahl Andersen <[email protected] > > > > wrote: > > > >> More updates. > >> > >> Please See spreadsheet and add the sites You want us to be aware about > and > >> what issues/concerns You have. > >> ---------- Forwarded message ---------- > >> *From:* Mark Newton <[email protected]> > >> *Date:* 20 Jan 2022, 16:48 +0100 > >> *To:* [email protected] > >> *Cc:* Core, The <[email protected]> > >> *Subject:* Re: [IMPORTANT INFORMATION - PLEASE READ] jboss.org PHX2 > >> Shutdown > >> > >> Hi Andrew, > >> > >> Apologies for the delay in responding. A number of similar concerns have > >> been raised by other people in this thread and elsewhere so we wanted to > >> make sure we created one response that addressed all of them. > >> > >> > >> 1. > >> > >> You’re correct that the current work in progress is simply a > >> relocation of the SFTP and rsync services that constitute > >> filemgmt.jboss.org to another place. That was going to be OpenShift > in > >> IAD2 but due to issues provisioning the services there we’re now > using > >> OpenStack in IAD2. I’ll address accessing the content at URLs > serviced by > >> filemgmt.jboss.org below. > >> > >> > >> > >> 1. > >> > >> As filemgmt.jboss.org is used to upload content and all the other > >> domains are used to access/read content they are being treated > differently. > >> 1. > >> > >> Some domains such as developer.jboss.org which used to be served > by > >> a Jive server (forums, wiki and blogs) have been archived in the > sense that > >> the webpages are now flat HTML as we’ve decommissioned Jive. The > Confluence > >> server at docs.jboss.org/author (used to create project > >> documentation) is another example of this. > >> 2. > >> > >> Other domains like doc.jboss.org (without the /author path) and > >> issues.jboss.org have been moved to spaces.redhat.com and > >> issues.redhat.com respectively as the Confluence and JIRA servers > >> behind them are now owned by the Portfolio Lifecycle Management > team in > >> Engineering. Due to an error redirecting traffic from > docs.jboss.org > >> to spaces.redhat.com that didn’t account for subpaths, some of > the > >> project documentation available at docs.jboss.org/<project> was > >> temporarily unavailable (as it was redirected to > spaces.redhat.com) > >> but we’ve since fixed this. > >> 3. > >> > >> www.jboss.org is now owned by MW Engineering who use GitHub to > >> author content instead of the Magnolia CMS which has been > shutdown. > >> 4. > >> > >> static.jboss.org and <project>.jboss.org (along with some > >> <project>.org domains) use Apache httpd servers which are being > relocated > >> from virtualized machines in PHX2 to OpenShift in IAD2. > >> > >> > >> > >> 1. > >> > >> Content made available from the URLs mentioned in item 2 above will > >> continue to be be accessible after Dec 2022 but without further > action > >> those domains will be considered archived in the sense that you will > no > >> longer be able to upload content there (as filemgmt.jboss.org is > >> currently scheduled to be shutdown at the end of Dec 2022). > >> > >> > >> > >> 1. > >> > >> What this means for projects like Byteman that have content at > >> byteman.jboss.org is that they would need to move to another hosting > >> provider like GitHub Pages ***by the end of Dec 2022*** if they > wanted to > >> continue uploading content to their domain. I understand we can move > >> subdomains like byteman.jboss.org to GitHub while keeping other > >> jboss.org subdomains hosted by Red Hat. As such you wouldn’t have to > >> *personally* host your own web/file service but you would be > expected to > >> perform the migration along with any necessary maintenance after > that. We > >> will provide some instructions in Confluence on how to move to > GitHub Pages > >> as we’ve already done this ourselves for some legacy projects to > reduce the > >> amount of Akamai configuration needed for the overall jboss.org > >> migration out of PHX2. > >> > >> > >> Max Andersen has also raised concerns about the impact of these changes > to > >> DevTools as they use downloads.jboss.org to serve tooling binaries > which > >> are considered pseudo-products and therefore treated differently from > >> projects. This argument may impact whether or not we keep the content > >> upload service at filemgmt.jboss.org living beyond Dec 2022 but the > most > >> appropriate solution still needs to be determined and project teams are > >> still encouraged to move their project sites to GitHub Pages if > possible as > >> that service is actively developed to provide modern project site > hosting > >> capabilities. > >> > >> Ultimately we’re trying to establish the most appropriate balance of > >> product/project concerns in terms of what Red Hat should be providing > >> services for. Given all the recent reorganizations across the company to > >> focus on capturing the Open Hybrid Cloud market the hosting of community > >> projects is not something that is being considered part of our core > >> business. As such we should look to externalize it if possible using > >> companies that do treat it as their core business such as GitHub. > >> > >> It’s less clear cut to say that services such as Nexus and downloads for > >> dev tooling, that are used in the overall software productization > process > >> or in support of our products, shouldn’t be provided by Red Hat which is > >> why we’re having conversations with the related teams to determine the > most > >> appropriate outcomes. > >> > >> Max has started the following spreadsheet for MW Engineering to > >> co-ordinate what the plans are for various jboss.org domains following > >> the PHX2 shutdown so there’s one place to go: > >> > >> > >> > https://docs.google.com/spreadsheets/d/1SXlCkp_Ok0vw1ArCA8UjpWAyfqQLfZ96rK3ridnB1Eo/edit#gid=0 > - > >> *.jboss.org transition > >> > >> I hope this helps to clear things up a bit. > >> > >> > >> Mark > >> > >> > >> > >> On Thu, 20 Jan 2022 at 11:42, Andrew Dinn <[email protected]> wrote: > >> > >>> Hi Mark (Newton), > >>> > >>> Is that just the sound of tumbleweeds rolling down main street on an > >>> east wind that I can hear? Or did I miss a response to the questions > >>> below? > >>> > >>> I really need to know the answers to these questions quite soon, > >>> especially question 4, and I am sure I am not alone in that regard. > >>> > >>> If projects are really being expected to find somewhere to store > >>> web/download content then that's going to require time to plan, not > >>> simply to provision the relevant services but also to deal with the > >>> disruption (both to project processes and to users) that may arise from > >>> having existing content relocated. > >>> > >>> Can we please have some clarification and advice here? > >>> > >>> regards, > >>> > >>> > >>> Andrew Dinn > >>> ----------- > >>> > >>> On 17/01/2022 11:06, Andrew Dinn wrote: > >>>> Can you be more explicit about a few points made in this post: > >>>> > >>>> 1) Is the current work in progress simply a relocation of > >>>> filemgmt.jboss.org to a virtualized server running inside OpenShift > in > >>>> IAD2? Or does it actually entail disabling access to content addressed > >>>> with URLs based on the name filemgmt.jboss.org before or by 31 March? > >>>> > >>>> 2) Is the story regarding current WIP for docs.jboss.org, > >>>> developer.jboss.org, www.jboss.org, static.jboss.org, and > >>>> project.jboss.org the same as for filemgmt.jboss.org If not then what > >>> is > >>>> the difference? > >>>> > >>>> 3) Are you saying that all content made available via URLs based on > the > >>>> above list of names will need to be relocated to servers provided by > the > >>>> relevant projects before end of Dec 2022? > >>>> > >>>> 4) What does this mean for projects like Byteman that essentially > belong > >>>> within JBoss/Red Hat? Am I expected *personally* to host my own > web/file > >>>> service to serve Byteman related content? Am I also expected to > provide > >>>> my own domain and/or relocate the content from byteman.jboss.org Or > is > >>>> there some common Red Hat server resource I can use which keeps the > >>>> content in the jboss domain? > >>> > >>> > >> > >> -- > >> Mark Newton > >> Director, Customer Digital Experience > >> Red Hat > >> +44 7795 520655 > >> > >> _______________________________________________ > >> Devtools mailing list > >> [email protected] > >> https://listman.redhat.com/mailman/listinfo/devtools > >> > > > > > > -- > > > > Nick Boldt (he/him/his) > > > > Principal Software Engineer, RHCSA > > > > Productization Lead :: CodeReady Workspaces > > > > IM: @nickboldt / @nboldt / https://divbyzero.neocities.org > > <https://red.ht/sig> > > TRIED. TESTED. TRUSTED. <https://redhat.com/trusted> > > @ @redhatnews <https://twitter.com/redhatnews> Red Hat > > <https://www.facebook.com/RedHatInc> > > <https://www.facebook.com/RedHatInc> > > > > > > “The Only Thing That Is Constant Is Change” - Heraclitus > > /max > https://xam.dk/about > > -- Nick Boldt (he/him/his) Principal Software Engineer, RHCSA Productization Lead :: CodeReady Workspaces IM: @nickboldt / @nboldt / https://divbyzero.neocities.org <https://red.ht/sig> TRIED. TESTED. TRUSTED. <https://redhat.com/trusted> @ @redhatnews <https://twitter.com/redhatnews> Red Hat <https://www.facebook.com/RedHatInc> <https://www.facebook.com/RedHatInc> “The Only Thing That Is Constant Is Change” - Heraclitus
_______________________________________________ Devtools mailing list [email protected] https://listman.redhat.com/mailman/listinfo/devtools
