question: role accounts at the ASF?

[Justin Mason <jm...@jmason.org>]

Hi infrastructure team --

A question (sorry if this isn't the right forum, it's the nearest thing I
could find ;).

To date in SpamAssassin, we've used a "role account", namely a user called
"release", to build releases. Our build procedure relies on using a role
account in order to insulate itself from user-specific environmental
settings. This has proved to be a useful convention in the past, where
occasionally an overlooked environmental detail turned out to be important
to how the resulting tarballs came out; we've learned from experience that
having a defined host and defined user-account to do releases from, works
well to avoid that.

Another bonus: it also means that if PMC member A is the guy with all the
build tools etc. installed in his home dir, and he ups and leaves the
project, the build scripts are insulated from having to be changed to
reflect this. (by "build tools" in this case, BTW, I mean for example the
entire compiled perl 5.8.x install and required modules; too big to be put
in svn in my opinion, although I may be wrong there.)

Is the "release role account" concept used in the ASF at all?
What would you all suggest?

--j.

Re: question: role accounts at the ASF?

[Ben Laurie <be...@algroup.co.uk>]

Justin Mason wrote:

> Hi infrastructure team --
> 
> A question (sorry if this isn't the right forum, it's the nearest thing I
> could find ;).
> 
> To date in SpamAssassin, we've used a "role account", namely a user called
> "release", to build releases. Our build procedure relies on using a role
> account in order to insulate itself from user-specific environmental
> settings. This has proved to be a useful convention in the past, where
> occasionally an overlooked environmental detail turned out to be important
> to how the resulting tarballs came out; we've learned from experience that
> having a defined host and defined user-account to do releases from, works
> well to avoid that.
> 
> Another bonus: it also means that if PMC member A is the guy with all the
> build tools etc. installed in his home dir, and he ups and leaves the
> project, the build scripts are insulated from having to be changed to
> reflect this. (by "build tools" in this case, BTW, I mean for example the
> entire compiled perl 5.8.x install and required modules; too big to be put
> in svn in my opinion, although I may be wrong there.)
> 
> Is the "release role account" concept used in the ASF at all?

I have argued strongly against role accounts many times.

> What would you all suggest?

Scripts that produce a release regardless of who runs them. If you 
require specific versions of things, then test for them (IMO).

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

Re: question: role accounts at the ASF?

[Justin Erenkrantz <je...@apache.org>]

--On Wednesday, August 4, 2004 11:52 AM -0700 Justin Mason <jm...@jmason.org> 
wrote:

> Is the "release role account" concept used in the ASF at all?
> What would you all suggest?

What httpd does is to have a set of roll scripts in httpd-dist.  With the 
exception of the autoconf and libtool versions, it produces the 'standard' 
release package.  All of the environmental logic is handled by the script - so 
as long as you run these script, you should produce equivalent releases. 
releasecheck.sh enforces particular versions of autoconf and libtool that are 
known to work - however, this still doesn't resolve the problem of distros 
custom-patching their libtool - which almost everyone does.  *sigh*  The RM 
just needs to use the 'vanilla' GNU libtool distribution.  (SA doesn't have 
that problem, IIRC.)

See:  <http://cvs.apache.org/viewcvs.cgi/httpd-dist/tools/>

I will also note that Subversion has gone a little bit farther and is starting 
to dictate specific package creation utilities to avoid known problems (i.e. 
pax instead of tar).   But, the philosophy is the same: code all assumptions 
into the shell script to allow anyone to do a release at any time that is 
equivalent.

So, no, we haven't typically done a role account.  However, if you guys really 
wanted one, we could probably arrange it.  But, on what machine?  ;-)

HTH.  -- justin