[tor-bugs] #32025 [Internal Services/Service - git]: Stop using corpsvn and disable it as a service

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Feb 17 08:30:56 UTC 2020 

#32025: Stop using corpsvn and disable it as a service
---------------------------------------------+----------------------------
 Reporter:  arma                             |          Owner:  tor-gitadm
     Type:  project                          |         Status:  new
 Priority:  Medium                           |      Milestone:
Component:  Internal Services/Service - git  |        Version:
 Severity:  Normal                           |     Resolution:
 Keywords:                                   |  Actual Points:
Parent ID:  #17202                           |         Points:
 Reviewer:                                   |        Sponsor:
---------------------------------------------+----------------------------

Comment (by arma):

 [I wrote this explanatory text for Gaba and Anarcat, and I'm posting it to
 the ticket too for posterity.]

 My rough outline for a way forward would be:

 (1) Freeze corpsvn (i.e. make it read-only), and make a full checkout of
 it somewhere, and have that accessible in case Sue needs to access it.

 (2) Give Sue someplace temporary to put her new files. Maybe that's
 Nextcloud. *Not* move all the old files there, or at least not by default.

 (3) Put together a strike team to look at the frozen corpsvn checkout,
 plus the frozen internalsvn checkout. Build a list of categories (HR,
 finance, grantwriting, grant manager, etc), and sort the files into these
 categories, discarding as many files as possible. Figure out where else
 people are storing these files currently (granthub? google docs? their
 hard drive?). Make a comprehensive plan for how files of each category
 should be stored, and who should have read or write access per category.
 For example, there's no reason that HR documents should go into the same
 database, or even the same storage service, as grant proposals.

 Step 3 is bigger than just svn, since it has to do with how we should
 actually properly store our internal files. Anarcat gave a start to that
 process in #32273.

 (4) Get Sue and others to switch over to using the new process we develop
 in '3'.

 We could do (3) before we do (1), and then we would never need to do (2).
 It depends how eager we are to shut down corpsvn. Any plan where we put
 off (3) indefinitely is dangerous though. For example, we could be open to
 gdpr messes in our current state -- plus actual security failures too.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/32025#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list