Code Hosting, Development Tools and Open Source

Tim Flink tflink at redhat.com
Tue Oct 15 18:23:31 UTC 2013 

On Tue, 15 Oct 2013 11:22:34 -0400 (EDT)
Kamil Paral <kparal at redhat.com> wrote:

> > I've been kicking this idea around for a bit and have chatted a
> > little with people on IRC but as we're looking to start up
> > development on taskbot, I want to have a larger discussion on two
> > issues: where do we host code and what do we want to use for dev
> > support tools (issue tracking, code review etc.).
> 
> My thoughts:
> 
> * We should avoid self-hosting as much as possible. If we consider
> something self-hosted, it should be far better than something managed
> by a third-party.

I had a similar conversation with handsome_pirate yesterday in
#fedora-qa and while I agree with it in principle, I prefer to phrase
it as making sure that any benefits we get from a self-hosted tool
outweigh the costs of maintenance

> * Anonymous viewing is a must for an open-source.

Agreed that this is a show-stopper. Stuff _has_ to be anonymously
viewable or there's not much more of a conversation to be had.

> * FAS integration is ideal, but not strictly necessary, if we use a
> widely popular service (like github). If we force people to create an
> account in our self-hosted service just to report a bug, we won't
> receive many bug reports.

Yeah, I really don't want to do self-contained auth for the long term. I
have enough accounts and passwords as it is and have no desire for more
to keep track of. Using some non-FAS external auth would be better than
self-contained.

> As you described Phabricator, it doesn't seem to be ready yet (no
> anonymous viewing, no FAS integration). I might have misunderstood
> something, but were you considering to implement that? That doesn't
> sound as a few days task. If the two issues were not there, I'd like
> to give it a try, it definitely sounds interesting.

I have some updates on both issues.

OpenID auth in phabricator probably isn't going to happen. Upstream
doesn't see it as a priority and when I looked into writing a plugin
for OpenID myself, I came to the conclusion that it wasn't going to
happen without a much more detailed understanding of how Phabricator
works.

I talked to puiterwijk about the possibility of oauth in FAS and while
oauth support isn't going to be ready very soon, he is planning to
deploy a persona [1] provider for FAS soon - hopefully when beta freeze
is complete. Persona auth just landed in Phabricator (and it works, I've
updated my demo instance and tested persona auth) so it looks like the
auth problem will be solved.

[1] http://www.mozilla.org/en-US/persona/

Policy support in Phabricator seems to be coming along - I'm
subscribed to the ticket and have been getting spammed with multiple
daily updates to that ticket. There's no due date but I'd be surprised
if it was much more than a month or two out.

I'm all for giving it a try - as long as we are careful to make all of
the tickets and code reviews public, I don't see the incomplete policy
implementation as a huge issue. If we decide to move elsewhere,
Phabricator's API seems very comprehensive and I don't think it would
take long to write up some code to migrate all the tickets.

> I like Github, but it really might be too simplified for our use
> cases. I haven't studied these advanced tasks like moving a bug
> report to a different project, but it seems you have. (On the other
> hand, does Trac support this particular task?). It might be a good
> idea to ask fedora-infra guys about their experience.

I talked to the apps folks about their experiences with github and got
the impression that they really like it. They haven't seen a huge
amount of code from folks who weren't already involved with Fedora but
the biggest pluses they saw coming from fedorahosted were:

 - easier/better ACL control
 - easier code review with pull requests
 - no trac :)

Using github repos is an option if we're worried about ACL control but
my plan if we use fedorahosted was to use a single FAS group for all the
taskbot core stuff and second FAS group for the tasks instead of doing
one group per repo.

> Fedorahosted + Reviewboard is far from ideal. Lately you and Martin
> have been using it the most, so I think you're the best people to say
> whether we want to stay with it or move away from it. Thanks very
> much for investigating this.

Martin can correct me if I'm wrong but I don't think that either of us
is attached to the current blockerbugs setup. It _does_ work but there
are lots of bits which are far more painful than they need to be.

With the conversation we've been having and the persona developments, I
propose the following:

 - create FAS groups for git-taskbot-core and git-taskbot-tasks which
   will control access to the git repos
   * use fedorahosted for now, we can migrate to github/bitbucket later
     if we want
 - start using Phabricator as a trial to see if we think we're getting
   enough benefit from it to continue maintaining an installation
 
The only question left is whether we'd want to deploy phabricator in
the fedora cloud instead of on my VPS. My concerns with fedora cloud
are twofold:

 - I don't think we can do anything other than self-signed SSL certs
   instead of the non-self-signed cert I have on my VPS

 - I'm not sure if we can do subdomains on the cloud machines -
   phabricator expects to have a subdomain to itself, so having a
   multipurpose machine without subdomains could be a problem

I'll talk to infra today about what's possible and what they recommend
and I'll update this thread.

Thoughts?

Tim
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/qa-devel/attachments/20131015/c2fd6400/attachment.sig>

More information about the qa-devel mailing list