[tor-bugs] #9425 [BridgeDB]: Create and document a better BridgeDB (re)deployment strategy

Mon Aug 26 13:12:34 UTC 2013

#9425: Create and document a better BridgeDB (re)deployment strategy
------------------------+---------------------------------------------------
 Reporter:  isis        |          Owner:  isis             
     Type:  task        |         Status:  needs_information
 Priority:  normal      |      Milestone:                   
Component:  BridgeDB    |        Version:                   
 Keywords:  deploy,doc  |         Parent:                   
   Points:              |   Actualpoints:                   
------------------------+---------------------------------------------------
Changes (by isis):

  * status:  needs_revision => needs_information
 * cc: isis@… (added)

Comment:

 The software/application BridgeDB should be considered separate from the
 fact
 that we're the only people currently crazy enough to run one of these
 things. Someday, hopefully, it will be sane for people to run a BridgeDB
 (whether this be a single centralised BridgeDB in a Tor test network, or
 in
 some sort of zero-knowledge, distributed-ORM, blind-token manner).

 For now, separation between ponticum.tpo BridgeDB deployment/maintenance
 and
 BridgeDB (as in the code which lives in
 https://gitweb.torproject.org/bridgedb.git) should be considered separate.

 A portion of sysadmin-related tasks for ponticum should not be made
 public. However, other sysadmin tasks (such as deployment scripts) should
 be
 fine to make public. As much as is safely possible should be public, and
 so,
 because there are multiple users in the bridgedb group, there will need to
 be
 a bridgedb maintenance/sysadmin/deployment repo, so that one would do:

 {{{
 (in the top-level of bridgedb.git)
 git clone tpo:projects/bridgedb-admin.git admin
 }}}

 Then there is the problem of what to do with the non-public things. I'm
 not
 sure if there is now some fancy ''and'' maintainable way to encrypt files
 to
 multiple users and commit them to git, perhaps git-annex or
 git-annex-assistant or one of these new-fangled things would do this for
 us. I
 certainly can't be the first to have this problem. Someone should devise a
 way
 to VC this stuff.

 If that's not doable, I don't know what the policy is on it, but we'd
 probably
 want a private repo. (This makes me nervous, but not as nervous as just
 keeping random files strewn around on ponticum.)

 The following things should be done:

  1) Create projects/bridgedb-admin.git repo, with RW access for (at
     least) myself and sysrqb, (If other people within the bridgedb group,
 if
     they would like to continue to help with bridgedb
 deployment/maintenance
     tasks on ponticum and also contribute to this repo they should speak
 up
     and request access).

  2) Devise/research a way to store private files between multiple
     collaborators within the above repo.

     a) If that can't be done, another repo request for a private repo
 should
        be made.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9425#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online