Re: [Savannah-hackers] Re: about savannah reinstallation management

[Vincent Caron]

Hello,

  some non-technical words about the current situation. I've been 
involved with Savannah to a much lesser extent than Mathieu, and I think 
I have both an external and internal point of view on it.

  Savannah is a complex piece of software, which needs constant care 
and evolution. It has been developped and maintained collaboratively 
(from a software and sysadmin point of view), and I believe quite 
succesfully. On one side, you have 20,000 demanding Free Software 
developers, on the other side you have a small team of volunteers which 
are dedicated to keep the system running smoothly and fill in users' needs.

  I think it is important to keep in mind that Savannah is serving two 
'distinct' populations : first the GNU commnunity (GNU software and web 
pages management), then the Free Software community at large (ie. 
savannah.nongnu.org). It means that savannah.gnu.org is now an important 
part of the GNU project infrastructure, while savannah.nongnu.org is 
what I call the 'GNU educational stage' : this is where people learn 
about basics of copyright, licensing, GNU tools and philosophy, etc.

  The FSF has serious concerns with Savannah as a GNU infrastructure, 
and I understand it. But Savannah hackers have also serious concerns on 
how the 'all public' nongnu part is consequently handled. I think they 
rely on different management policies and different goals.

  The FSF had recently some headaches with security, it makes sense to 
make it a high priority now on Savannah since we discovered that 
intrusion. That might justify a long down time, and members of the GNU 
project - properly informed - will certainly understand the inconvenience.

  Savannah hackers consider their contribution as a technical and 
political one, ie. making a comfortable and broadly open platform for 
every people to hack Freely & together. Non-GNU is actively feeding the 
GNU project, by spreading the word about Freedom and making it easy for 
people to contribute (subscription on Savannah is heavily assisted by 
your servitors).

  From the point of view of Savannah hackers, we've been in a very 
uncomfortable situation these last two weeks. The machine we've been 
nursing day after day for a long time was suddenly unavailable, and we 
had very few informations about what was going on. We worked hard to 
make it a highly available service, and today we can't find a forgivable 
reason for a 2 weeks downtime. The announce message on savannah.gnu.org 
was very ackward : no apologies, out-of-topic political conerns about 
Debian, non-validating HTML; the feedback I had was 'plainly amateurish 
and irrespectful'. And, worst of all, we didn't know what to answer to 
our users, which rather complained than empathized as you could guess.

  Now I'm searching for a way out of this mess. And the time is 
counted, we're loosing contributors, users and energy for Savannah every 
day it stays down. More because of PR issues than the fact that we were 
compromised in the first place. I consider it a great loss for Free 
Software, and you could see I'm not the only one depressed. I foresee 
two possibilities :


  * We learn to work with each other better and closer.

    The past experience is sadly very bad : yes, FSF sysadmins can't 
handle most of the Savannah admin tasksin a timely manner; and no, we 
never managed to get access to the proper machines (mail, web) to help 
them although we have time and capacity for that. Mailing-list bugs are 
a chore to fix while they physically require only a dumb command to 
launch on the right machine. Web site update has not been functional for 
more than 6 months. Etc.

     The way the Savannah compromise was handled does not lead me to 
conclude for improvements here. However I am less sentimental than 
Mathieu on this issue and am certainly ready to discuss this issue 
openly. Because that would be simply the best solution for all of us.


   * Physically separate savannah.gnu.org and savannah.nongnu.org.

     This way we separate the different concerns. This is another 
machine to maintain though. To be more precise, nongnu.org could become 
a standalone installation (web+mail+cvs), this way Savannah hackers will 
have full control of the service and not compromise other GNU machines 
since it would not rely on them.


  I don't really expect Savannah will be working as before when it'll 
be back online. First, Mathieu is upset and we're in trouble if he stops 
contributing to Savannah. Second, if no discussion or action has been 
taken to improve our relationship on this issue, others might follow. We 
need happy hackers, not upset hackers.