Hi Rob, thanks for clarifying! I guess I just oversimplified what was said in our discussion. I'll try to summarize what you now wrote:
If there is a package for dbal/symfony/whatever in Ubuntu LTS, we have a good chance, but no guarantee, that TechOps is fine with deploying it. I understand that we are basically relying on the quality control and security vetting that (hopefully) goes into making LTS packages. Is that about right? daniel Am 09.09.2014 19:01, schrieb Rob Lanphier: > On Fri, Sep 5, 2014 at 2:01 AM, Daniel Kinzler > <[email protected]> wrote: >> Am 04.09.2014 20:03, schrieb Jeroen De Dauw: >>> I'm also curious to if WMF is indeed not running any CLI tools on the >>> cluster >>> which happen to use Symfony Console. >> >> As far as I know, no unreviewed 3rd party php code is running on the public >> facing app servers. Anything that has a debian package is ok. Don't know >> about >> PEAR... > > I probably misspoke in that conversation. > > There are two main review processes to get external dependencies > installed on the Wikimedia cluster. One way is by checking it in > somewhere in the source, and going through our code review process. > The other way is to get it deployed as part of the base operating > system. > > If you're going to go the source control route, then it needs to go > through code review. > > If you're going to go the operating system route, then TechOps will > make the call. I don't know everything that goes into their thought > process, but having a Debian package is a necessary (but not always > sufficient) means of getting it deployed. The value of relying on > packaging goes way down if you aren't prepared to use the version that > comes with the Ubuntu LTS versions. So, if you're thinking that "oh, > there's a package, great, let's now get them to upgrade to the > bleeding edge!", you're likely to be disappointed. Also, TechOps is > pretty stingy about what they accept responsibility for. > > TechOps tends to be skeptical of language specific tools such as PEAR, > Composer, npm, pip, CPAN, etc. When we use those things, we tend to > use them in conjunction with source control and the review process > there. > > Hope this helps. > > Rob > > _______________________________________________ > Wikidata-tech mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikidata-tech > -- Daniel Kinzler Senior Software Developer Wikimedia Deutschland Gesellschaft zur Förderung Freien Wissens e.V. _______________________________________________ Wikidata-tech mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikidata-tech
