On Sun, Sep 13, 2020 at 11:31 AM Thomas Deutschmann <whi...@gentoo.org> wrote:

> Hi,
> TL;DR: jstein asked council [Bug 729062] for a motion that any service
> and software which is critical for Gentoo should be developed/run in
> Gentoo namespace. Because any request to council must be discussed I
> volunteered to bring this topic to the mailing list (sorry for the huge
> delay!).
> Problem
> =======
> You may all remember what happened to stable-bot: Years ago,
> kensington created stable-bot on his own as PoC which revolutionized the
> way how we do package stabilization in bugzilla. The service ran on his
> own infrastructure. Because of the benefit of the service the bot
> provided, arch team’s workflow became dependent on stable-bot. We were
> lucky that stable-bot just worked most of the time until the service was
> down for a while. Nobody was able to help here: Kensington himself was
> unavailable, nobody had the sources… the end of the story: mgorny
> created nattka which replaced stable-bot.
> However, we are still facing the same problem: Only one person is
> involved in development and knows how to run it. In case something will
> break again and Michał will be unavailable, we can’t just push a fix and
> watch a CI pipeline picking up and deploying new nattka. Instead someone
> will have to fork repository from Michał’s private repository at GitHub,
> make the changes and hope that anyone within infrastructure team can
> help to deploy fixed nattka.
> This is what the motion is about: This is not about that Gentoo depends
> on single persons or things like that. It’s about the idea to
> *formalize* the requirement that any service and software which is
> critical for Gentoo (think about pkgcore) should live within Gentoo
> namespace (https://gitweb.gentoo.org/), i.e. be accessible for *any*
> Gentoo developer and deployments should be based on these repositories.
> Or in other words: Make sure that we adhere to social contract even for
> critical software and services Gentoo depends on. So that we will never
> ever face the situation that something we depend on doesn’t work
> anymore. Taking care of working pipelines before something is broken
> should also help us in case something stops working so we don’t have to
> figure out how to fix and re-deploy when house is already burning (like
> portage: In case Zac can't do a release for some reason, in theory,
> every Gentoo developer would be able to roll a new release).

I think your examples are a bit weird.

Is openrc critical to Gentoo? It doesn't live on our infra.
Is pkgcore critical to Gentoo? It doesn't live on our infra.

Note that these are just packages, not services and the social contract
just says
"""However, Gentoo will never depend upon a piece of software or metadata
unless it conforms to the GNU General Public License, the GNU Lesser
General Public License, the Creative Commons - Attribution/Share Alike or
some other license approved by the Open Source Initiative."""

It says nothing about where things are hosted or how services are provided.

I'd consider splitting the two here. For packages I don't think it matters
as much where they are hosted. Most things can be mirrored into gentoo (if
we want a copy of the src tree) and we also have tarballs of the source
code much of the time on the mirror network.

For services, I tend to agree more with your comments; we need
visibility and operational capability for services. When we rely on service
components where the source is not available, it's bad. But we rely on
numerous services now. E.g. p.g.o relies on repology. Does that mean we
need the source code to repology? I assume not. Does that mean we need to
run our own repology? Also I assume not.


> See also:
> =========
> Bug 729062: https://bugs.gentoo.org/729062
> --
> Regards,
> Thomas Deutschmann / Gentoo Linux Developer
> C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5
