Talk:Packaging

WMF code
"support tracking of the latest WMF code (pretty much in sync with WMF deploys)" Why is this a goal? Why would anybody else want to run the code that WMF runs (as opposed to master or latest point of master which has passed integration tests as well). Also, WMF runs multiple versions simultaneously.--Nikerabbit (talk) 12:45, 19 March 2014 (UTC)


 * Projects like Parsoid with fairly good tests are following a continuous deploy system (twice a week in the case of Parsoid). Before each deploy, we currently ensure that slow round-trip testing on 160k pages looks good (takes a few hours), so the deployed code gets more thorough testing than master which passed through CI tests only (still something like 12k test cases). Eventually we'd like to perform the slow-test vetting automatically, so that we can automatically upload nightlies if the test run was successful.


 * Multiple versions can be supported in many ways. The main mechanisms I see for this are discussed in the wiki page. Do you see a case where that won't work? -- Gabriel Wicke (GWicke) (talk) 00:44, 20 March 2014 (UTC)

Developer upload
"normal developers can upload new packages"

I am highly skeptical of this. Packages install things directly on the system, and the installation process is being run directly by root. So apart from all the problems that pre or post installation/removal scripts can cause (and someone might argue that they can be solved by having those in different repos with different procedures, vetting and so on) the files installed directly by the packages can also cause problems (suid binaries, backdoors etc). Again you can argue that procedures vetting etc can avoid such issues but it only takes one error and here's your full system compromise.

I also suspect that it will be requested at some point (maybe not at first) that such a repo will override vendor ones (cause of some software being backported/forwardported or something of that nature). So it then becomes possible to cause even more mayhem by overriding a package provided by system (yes a full system compromise is still the worst possible scenario, but others exist that will cause problems - that library that was updated in good will and all, but...)

So while I understand the need to allow normal developers to update the repo so that many blockers are lifted, I am not sure this is the sanest approach.