Davor Ocelic wrote: > If I remember, we agreed to have stable on deleuze and testing > on mire. > > I also think that, form some point, I remember we agreed to also > put testing on deleuze.fo/hcoop-sysadmin
I don't want to commit to any claims about particular decisions, but knowing what I know now, I think that stable is the best choice for both. That fiasco with Apache really underscored for me how the Debian quality control processes will allow for catastrophic upgrades to creep into testing. The upgrade from Apache 2.0 to 2.2 involved changes in the accepted configuration format with no automated conversion of existing configuration and not even a warning that the format had changed; the result was just a failure when reloading the daemon, leaving the human upgrader in a panic wondering how to get Apache back up again. There was also apparently some bug with the PHP module that led to segfaults with no diagnostic information printed, the moment Apache was started. We REALLY don't want to be dealing with that on any server that is hosting member content, unless all members using it have agreed that they're willing to pay this price for cutting-edge software. (I know we have at least a few members for whom this is clearly not what they want.) There's also this goofyness with the forgetful Webalizer following an upgrade. > Justin Leitgeb wrote: > >Seems like mire would be OK for this... Do we need apache on deleuze > > for anything? I know that originally we thought about putting > > admin-only pages there, for user signup or something like that. Is this > > still the plan? > We said we'be serving static content from there, so yes. This may be another of those things that I've had set in my mind for months but never thought to send to the group. I have been working under the assumption that all web sites administered by our admins, existing for the use of members, will be on deleuze. A lot of web stuff is much easier to set up in such an environment, with no privilege separation, just the difference between "you are authorized to set things up" and "you aren't allowed to log in". For instance, the Debian SquirrelMail and Mailman packages set file permissions such that only www-data is able to run the associated web applications. On fyodor now, we need to run scripts to revert permissions after every upgrade. I'm sure there's a nicer "official Debian way" of handling this problem, but it's still easier to have a box that is administered in the traditional UNIX way, without all of our almost unique concerns related to sharing by mutually-untrusting users. _______________________________________________ HCoop-SysAdmin mailing list [email protected] http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
