Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 2 Jan 2017 00:40:28 -0500
From: Rich Felker <>
Subject: Re: musl new-year's infrastructure resolutions

On Sun, Jan 01, 2017 at 11:32:21PM -0600, A. Wilcox wrote:
> Hash: SHA256
> On 01/01/17 20:31, Rich Felker wrote:
> > On Sun, Jan 01, 2017 at 04:37:04PM -0600, A. Wilcox wrote:
> >> On 31/12/16 17:37, Rich Felker wrote:
> >>> Adopting an issue tracker. This requires actually selecting
> >>> one and setting up the infrastructure for it. The wiki could
> >>> possibly be moved to the same infrastructure. (I want to keep
> >>> webapp-ish stuff like wiki, issue tracker etc. off the server
> >>> that hosts git and release downloads because anything
> >>> interactive is a significant attack surface that puts integrity
> >>> of code as risk.)
> >> 
> >> Are you looking for hardware, or for admin volunteers?  No matter
> >> how much I hate wearing the admin hat, I seem to be pretty good
> >> at running stable Bugzilla servers, if that's something you are
> >> interested in. It's one of the most flexible of the FLOSS issue
> >> trackers.
> > 
> > Given how things turned out relying on a volunteer admin for the
> > wiki, I'm probably more looking for someone with experience setting
> > the chosen tracker up so that I don't have to figure out
> > everything myself. I'm familiar with and like Bugzilla from a user
> > side, but IIRC it requires some ugly legacy hosting infrastructure;
> > is this correct? (I.e. does it need particular old-fashioned
> > server/db sw like Apache, Mysql, etc. or can it be used with more
> > modern alternatives?)
> I disagree with calling Apache 2.4 "old-fashioned" - mpm_event works
> quite well - but it is just good simple CGI.  It can run anywhere Perl
> can.

For an httpd oriented towards dynamic content/"web apps", probably
nginx, but if simple CGI is all it needs, I'd just go for something
fast and light like thttpd.

> It supports MySQL/MariaDB, PostgreSQL, Oracle, and SQLite3.  While I
> prefer pgsql over the others, I'm not sure I would call any of those
> "old-fashioned" either.

Postgres or sqlite would be my preference, with a bias towards the
latter if there's no strong reason not to use it, simply because I
prefer having everything in the filesystem and governed by unix
permissions rather than having to deal with separate databases.

> Assuming this isn't acceptable, what do you consider "modern"?

I think it's fine...

> Unfortunately I have experience with over a dozen issue trackers, so I
> can likely match you to *something* that would work for your
> infrastructure.

...but I am interested in whether you have others that would be worth


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.