Re: salsa.debian.org (git.debian.org replacement) going into beta
On Wed, 27 Dec 2017, Paul Sherwood wrote: > > - Github is proprietary, so we can not properly assess what is being done > to/with the repos, or who is doing it. While there might be other reasons to prefer using services from people who also publish free software, I don't think "properly assessing what is being done to/with the repos" is one of them. In both cases we we don't have access to their servers, so we cannot check that they are running exactly the same software they are publishing. So in both cases we have to trust them. ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: Please review the draft for week 139's blog post
On Wed, Dec 27, 2017 at 08:25:42AM +, Chris Lamb wrote: > > Which makes me wonder if we'll need to update all the old posts as well > > to still have valid links... > Nope. :) not yet :/ -- cheers, Holger signature.asc Description: PGP signature ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: salsa.debian.org (git.debian.org replacement) going into beta
On Tue, Dec 26, 2017 at 08:56:18AM +, Chris Lamb wrote: > I believe there are enough people in (or around) our community who dislike > Github (for a variety reasons not productive to debate/repeat again here) > that moving there would be problematic. ack. > However, as you imply, this would be the ideal time to somehow a bunch of > non Debian-specific repos to something outside of the Debian namespace. > It would be more convenient for me to to use salsa.debian.org, but I can > really see the appeal of moving to, for example, > https://gitlab.com/ReproducibleBuilds for anything not Debian-specific. gitlab.com is run+owned by Gitlab Inc., another company. Can you explain why people seem to like this better than this other thing by another company? -- cheers, Holger signature.asc Description: PGP signature ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds
Re: salsa.debian.org (git.debian.org replacement) going into beta
On 2017-12-25 22:25, Holger Levsen wrote: Hi reproducible Debian folks, I guess you have seen https://lists.debian.org/debian-devel-announce/2017/12/msg3.html which lead to this on -devel: On Mon, Dec 25, 2017 at 06:59:21PM +0100, Alexander Wirt wrote: On Mon, 25 Dec 2017, Holger Levsen wrote: > On Mon, Dec 25, 2017 at 11:45:37AM +0100, Alexander Wirt wrote: > > External users are invited to create an account on salsa. > do you plan importing the current -guest accounts from alioth? No. For us this could mean that we'll need to ask a bunch of non-Debian people to recreate accounts on salsa.d.o, at which point I expect a lot of "why don't we use github" questions, to which I'm not sure I have a good answer... At risk of stirring up some of the debate that Chris mentions, I have an answer, based on some experience: - Github is proprietary, so we can not properly assess what is being done to/with the repos, or who is doing it. - to make promises about the integrity of content at Github, we would be wise to maintain independent external mirrors of what we care about, and react to any attempt to re-write blessed branch histories in upstreams that we believe or need to be well-behaved. GitLab, being opencore, appears to avoid the proprietary problem and provides some excellent workflow tools. Even with GitLab I would still recommend keeping independent mirrors of all sources and watching for signs of tampering. We've been doing this for some time with the git.baserock.org repositories, for example. br Paul ___ Reproducible-builds mailing list Reproducible-builds@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/reproducible-builds