Re: [Tails-project] Questions about the GitLab migration[W…

Delete this message

Reply to this message
Author: u
Date:  
To: tails-project
Subject: Re: [Tails-project] Questions about the GitLab migration[Was: Brainstorm by Nov 27 — Criteria for choosingwhich GitLab we will use]
Hi,

On 28.11.19 10:56, intrigeri wrote:

> u:
>> I also have some more pragmatic/practical questions:
>
>> - What will happen to our encrypted repositories?
>
> Formally speaking, wrt. Git repositories, the scope of this GitLab
> migration project is restricted to public ones, so private
> repositories (be them encrypted or not) are not supposed to be
> migrated initially.
>
> The way I see it, migrating private repositories would require
> a dedicated discussion (even if we leave them end-to-end encrypted),
> which personally I'd rather postpone, in order to focus for the time
> being on the various other — potentially complicated — discussions
> this GitLab migration will require.


I guess my question relies on an unknown: Would that work technically,
to leave them end-to-end encrypted and migrate them to one of the three
Gitlab instances that you started discussing with? Or: how would that
technically work? I understand that the Gitlab instance we will use
would not be able to read the contents of these repositories, unless we
drop encryption for them. I think that I would need to understand the
technical implications to be able to really participate in this
discussion. If I have only partial information, I will not be able to
make an informed comment.

>> - Will the Gitlab instance only be used for tickets related to encrypted
>> repositories? How do we guaruantee confidentiality for those? What
>> other solutions might there be?
>
> I don't understand your first question as-is, but I can make sense of
> it if I ignore "only" in this sentence. Should I?


I think this relates to the question above.

I'll give you an example, to clarify. At some point you had the idea to
migrate the fundraising repository to a Gitlab instance. This repository
is currently end-to-end encrypted. If we would migrate this repository,
would the Gitlab instance then only be used for handling tickets related
to fundraising.git as Gitlab would not be able to read the contents of
this repository? And if we have tickets containing confidential
information on a Gitlab instance, how do we guarantee their contents
stays confidential? (There might be payment information in it, or
similar quite personal details.)

>> - Will the Gitlab instance become our main Git repository home or will
>> we still have repositories at immerda.ch?
>
> Good question! tl;dr: I don't know yet and community input may help
> us make better decisions on this front.
>
> As a starting point, here's how we defined internally the scope of
> this project:
>
>  - Make GitLab merge requests the default supported way to handle
>    code, documentation, and website proposed changes for the main
>    Tails Git repository

>
>  - Make GitLab merge requests the default supported way to handle
>    proposed changes for some, if not all, of Tails' other public
>    repositories, including at least: Greeter, Installer,
>    Upgrader, perl5lib, persistence-setup, verification-extension;
>    and ideally, submodules of tails.git, such as pythonlib

>
> In order to make GitLab merge requests the "default supported way to
> handle proposed changes", the only really viable way is to host the
> canonical copy of these repositories on GitLab. Therefore, we must
> migrate to GitLab the repositories listed above.


Ok.

> But for our other public repos, the "some, if not all, of Tails' other
> public repositories" phrasing intentionally gives us some flexibility,
> which IMO is good because it allows us to adjust the exact scope of
> the migration to:
>
> - What resources we'll have available to do the work.
> - What the community wants.
>
> Personally, at this point:
>
>  - I guess that migrating 20 repos won't take significantly
>    more time than migrating 10. But I could be missing something.

>
>  - I believe that migrating all public repos to GitLab would make it
>    easier to write, update, read, follow, and understand our
>    contributors documentation.


I agree with your reasoning.

One could also use this migration to clean up repositories of
contributors who have not contributed in >$years.

> So if we can, I'd like to migrate all our public repos to GitLab,
> except perhaps personal repositories that are a very different
> kind of thing.
>
> It's also possible that we later discover extra constraints that lead
> us to make exceptions and leave some more stuff at immerda.


Ok.

>> And if yes, what will be the relation between these two homes?
>
> I'm not sure at this point. If we end up leaving some repos at
> immerda, I assume the relation would be similar to what we currently
> have (we already have 2+ hosting places for our Git repos and thus
> need to document the exceptions).
>
> Do you have specific desires, concerns, or fears about this relation?


My only concern is to clearly document the changes and new expectations
somewhere. ?eople who currently use the repositories could receive an
email pointing them specifically to this documentation, in order to
guarantee that everyone is aware of the changes of habit this might imply.

- u.