[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers] Re: about savannah reinstallation management
From: |
Vincent Caron |
Subject: |
Re: [Savannah-hackers] Re: about savannah reinstallation management |
Date: |
Tue, 16 Dec 2003 17:49:39 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031205 Thunderbird/0.4 |
Hello,
some non-technical words about the current situation. I've been
involved with Savannah to a much lesser extent than Mathieu, and I think
I have both an external and internal point of view on it.
Savannah is a complex piece of software, which needs constant care
and evolution. It has been developped and maintained collaboratively
(from a software and sysadmin point of view), and I believe quite
succesfully. On one side, you have 20,000 demanding Free Software
developers, on the other side you have a small team of volunteers which
are dedicated to keep the system running smoothly and fill in users' needs.
I think it is important to keep in mind that Savannah is serving two
'distinct' populations : first the GNU commnunity (GNU software and web
pages management), then the Free Software community at large (ie.
savannah.nongnu.org). It means that savannah.gnu.org is now an important
part of the GNU project infrastructure, while savannah.nongnu.org is
what I call the 'GNU educational stage' : this is where people learn
about basics of copyright, licensing, GNU tools and philosophy, etc.
The FSF has serious concerns with Savannah as a GNU infrastructure,
and I understand it. But Savannah hackers have also serious concerns on
how the 'all public' nongnu part is consequently handled. I think they
rely on different management policies and different goals.
The FSF had recently some headaches with security, it makes sense to
make it a high priority now on Savannah since we discovered that
intrusion. That might justify a long down time, and members of the GNU
project - properly informed - will certainly understand the inconvenience.
Savannah hackers consider their contribution as a technical and
political one, ie. making a comfortable and broadly open platform for
every people to hack Freely & together. Non-GNU is actively feeding the
GNU project, by spreading the word about Freedom and making it easy for
people to contribute (subscription on Savannah is heavily assisted by
your servitors).
From the point of view of Savannah hackers, we've been in a very
uncomfortable situation these last two weeks. The machine we've been
nursing day after day for a long time was suddenly unavailable, and we
had very few informations about what was going on. We worked hard to
make it a highly available service, and today we can't find a forgivable
reason for a 2 weeks downtime. The announce message on savannah.gnu.org
was very ackward : no apologies, out-of-topic political conerns about
Debian, non-validating HTML; the feedback I had was 'plainly amateurish
and irrespectful'. And, worst of all, we didn't know what to answer to
our users, which rather complained than empathized as you could guess.
Now I'm searching for a way out of this mess. And the time is
counted, we're loosing contributors, users and energy for Savannah every
day it stays down. More because of PR issues than the fact that we were
compromised in the first place. I consider it a great loss for Free
Software, and you could see I'm not the only one depressed. I foresee
two possibilities :
* We learn to work with each other better and closer.
The past experience is sadly very bad : yes, FSF sysadmins can't
handle most of the Savannah admin tasksin a timely manner; and no, we
never managed to get access to the proper machines (mail, web) to help
them although we have time and capacity for that. Mailing-list bugs are
a chore to fix while they physically require only a dumb command to
launch on the right machine. Web site update has not been functional for
more than 6 months. Etc.
The way the Savannah compromise was handled does not lead me to
conclude for improvements here. However I am less sentimental than
Mathieu on this issue and am certainly ready to discuss this issue
openly. Because that would be simply the best solution for all of us.
* Physically separate savannah.gnu.org and savannah.nongnu.org.
This way we separate the different concerns. This is another
machine to maintain though. To be more precise, nongnu.org could become
a standalone installation (web+mail+cvs), this way Savannah hackers will
have full control of the service and not compromise other GNU machines
since it would not rely on them.
I don't really expect Savannah will be working as before when it'll
be back online. First, Mathieu is upset and we're in trouble if he stops
contributing to Savannah. Second, if no discussion or action has been
taken to improve our relationship on this issue, others might follow. We
need happy hackers, not upset hackers.