On Tue, Feb 14, 2012 at 7:05 PM, dann frazier <dannf@xxxxxxxxx> wrote: > On Sat, Feb 11, 2012 at 02:11:30PM -0500, John David Anglin wrote: >> On 9-Feb-12, at 12:55 PM, dann frazier wrote: >> >For 1) I think the right answer is to move services to a new >> >stable/secure host for the time being and shut the existing machine >> >down. We can retain the option of moving things back once the unstable >> >port is in full force. As a side benefit, such a migration should also >> >help get the existing services running w/ newer packages >> >(e.g. apache2) and allow us cleanly transition services over w/ >> >minimal downtime (demonstrate a working system first, then update DNS >> >records). Who knows how painful it will be to go from pre-lenny to sid >> >all at once. >> > >> >2) can be solved by moving the domain to someone else's >> >infrastructure, or having a trusted volunteer to be the primary >> >admin for the system. >> >> >> I need to update a few more packages before magnum is ready for buildd. >> >> Thibaut offered to setup the buildd but doesn't have a lot of free >> time. I'm >> willing to do general system admin and monitoring the build system, >> but Thibaut has to be in charge. I'm hoping that Carlos is still >> willing to help >> with uploads, and to try to get his current patches into the debian >> eglibc 2.13 >> patch set. Otherwise, we may have to have a separate patch set. >> >> I think ESIEE is the logical host site. Magnum will be moved to an >> "open" IP >> when it's ready to start building. It will require careful >> firewalling at that time. >> >> No objection to moving the current buildd to magnum. I guess the >> security >> updates are the biggest issue. Once the buildd is running, we can >> work on >> transitioning to a final release. > > All of the above sounds like good progress. However, it still leaves the > parisc-linux.org machine running an unsupported OS for an undefined > amount of time. During that time, this box will either need to be > shutoff, or manually patched to avoid HP audit scans (or, worse yet, > actual exploits). If the plan is to migrate this system to the > debian-ports unstable archive when it becomes available, we'll need > someone to maintain that install as well. It looks to me like this burden clearly outweighs the benefits of being selfhosted, so maybe the right move is to use a supported architecture for hosting the website? Given the "audience" for linux-parisc, I don't think it would make a significant difference... my 2c. T-Bone -- Thibaut VARENE http://www.parisc-linux.org/~varenet/ -- To unsubscribe from this list: send the line "unsubscribe linux-parisc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
