Olav Vitters

For those not following #docs on IRC and/or the gnome-web-list mailing list, here is another status update on the work done by various people on library.gnome.org.

Things changed:

• gnome-doc-utils documents look more like the design by Frederic Peters (created from an image)
• libgo now creates index.html.$LANG files for all the gnome-doc-utils documents.
• Uses the new gnome-doc-utils HTML output instead of XHTML (you cannot serve XHTML as HTML.. unless you make it pretend to be HTML, but IMO then you should just use HTML anyway)
• Changed a bunch of Python code to remove UNIXisms (and introduced a few bugs..)

Things that are broken:

• Some modules have hacks in their Makefile.am files, making it impossible for libgo to find the documentation
• Sometimes libgo can’t find the figures (often for gnome-doc-utils)
• gtk-doc often have missing xml files
• gtk-doc are not indexed (for now just browse http://library.gnome.org/api)
• Feature: separate user and developer documentation.
• Instead of calling it library.gnome.org everywhere, perhaps ‘GNOME Library’
• Feature: instead of one big unreadable logfile, have some kind of structured output

We just had a first meeting in #docs about library.g.o. Frederic Peters announced a very nice library.g.o design on his library.g.o testsite. Screenshot:

This doesn’t build yet. For this we need a new gnome-doc-utils. The first test version of that is ready. Now the libgo software needs to be enhanced to make use of the new gnome-doc-utils possibilities (toc in the sidebar). A screenshot of what the new gnome-doc-utils can do:

I’ve updated the server with the gnome-doc-utils out of SVN. This means library.g.o is broken until someone updates the XSLT in the libgo software.

Mango
Lately I’ve been fixing a few things that annoyed me in mango (system used for handling the GNOME LDAP accounts):

• HTML pages didn’t use UTF-8 everywhere.
• Couldn’t add more than one SSH key. The other ones where silently deleted. This means those tickets could only be handled by a sysadmin, and not any accounts@ person. Plus that sysadmin had to know how to do LDAP via the commandline.
• Sending a standard mail from Mango to someone with a dot in the name gave an error message
• Emails weren’t in UTF-8
• Login box wasn’t automatically focussed
• Some of the standard email templates weren’t in mango

Above are mostly small fixes. The most annoying thing is that we can’t create UTF-8 accounts. I think this is because the openldap scheme by default doesn’t allow UTF-8 in the gecos field. However, I am not sure if I can just change that and not have it break the existing LDAP entries. Further, it shouldn’t break when e.g. a security rpm for openldap is installed.

Mango revamp (Summer of Code project)
Baris Cicek is working on enhancing mango (the system used to handle the GNOME LDAP accounts). The idea is to make the account requesting much faster and more transparent. The current ideas are listed on http://live.gnome.org/Sysadmin/Mango_Revamp (feel free to read and add comments — only at the end though!). The current method basically sucks. Ideally I’d like accounts@ to consist of only checking the new user and click either a ‘create account’ / ‘reject’ button. Before that the maintainer already approved everything (securely); the email address was verified to be correct, etc. There are some difficulties with designing the system, a few of them are:

• No list of maintainers for the different modules. There are MAINTAINERS files, which is often used as a free text field. Moreover, the email addresses often do not match. Further, I rather have LDAP have an official list than have mango rely on whatever system we use for the source code (SVN). But on the other hand, I guess maintainers would like a MAINTAINERS file more than some webinterface (guessing).
• No good way to authenticate. Sending an email with a token is not secure enough. A password is worse, when that is lost the whole SSH publickeys breaks down. I’m thinking of either handing out those client certificates or GPG. But those have problems as well. Not everyone (wants to) understand(s) GPG.

Other stuff

• Did a lot of work on reducing the outstanding tickets in RT3 (mostly accounts, also some sysadmin stuff). I am worried about the number of tickets in the stalled state (waiting for a reply from someone other than sysadmin/accounts); I guess a lot of our answers go straight into the spam folder. Currently there are about 40 tickets are in that state (it was 20-25 before I started on the tickets). Can’t wait for the new mango possibilities.
• Tried installing Zope and Plone. Gave up quickly. Seeing a security advisory on the Zope as well as the Plone site was also not encouraging. I’d rather have a rpm by Dag Wieers.

Goran Rakić started development on library.gnome.org as his Google Summer of Code 2006 project. For this he created a libgo script available in GNOME SVN in the library-web module.

It took a while to get it up and running, but the output of that script can now be seen at:

Help wanted
As you can see from the site, a lot is missing. As the last commit to library-web is over 7 months ago, I’m searching for anyone with Python, gtk-doc and gnome-doc-utils experience (or willing to learn) to help out. I’d appreciate people with an SVN account. Having volunteers with gnomeweb access would rock!

Note: I did not develop any of this code (or know much about it). As far as I know it was all made by Goran. Some of the documentation I found:

• http://live.gnome.org/GnomeWeb/Library
• http://live.gnome.org/GnomeWeb/Library/Annotations
• http://live.gnome.org/GnomeWeb/Library/Implementation
• http://live.gnome.org/GnomeWeb/Library/ServerDetails. Hopefully explains how to set it up for yourself. This was written by me, so some details could be wrong/improved.
• http://svn.gnome.org/viewcvs/library-web/trunk/doc/

Action plan:
Please subscribe to gnome-web-list and be sure to read the archives (discussion took place over many, many months). I’d appreciate people who can work without much guidance, because I am pretty busy and do not know much about it.

Thanks
Above is not an attack or anything on Goran. I know he is busy and the existing code is very much appreciated. Just trying to get some people involved.

Quoting from http://dsbl.org/faq:

• list.dsbl.org single-stage relays tested by trusted testers
• multihop.dsbl.org the outputs of multihop relays, tested by trusted testers
• unconfirmed.dsbl.org everything else, including tests done by anonymous testers; people could potentially sign up their own ISP’s mail server to this list

After that it says the following:

Note that the multihop and unconfirmed lists are very aggressive and have the potential for a high level of false positives.

GNOME uses list.dsbl.org among others. Gmail is only listed by unconfirmed and multihop.

There is a proposal on desktop-devel-list to drop bug-buddy reports from either <=GNOME 2.14 or <=GNOME 2.16. I fully agree with <=GNOME 2.14 (receives max 5 bugreports/day). However, not sure about <=GNOME 2.16.

Based on server stats over the last week, we:

• Created 23 GNOME <=2.14 bug-buddy reports. Update: To clarify, the <=2.14 bug-buddy programs updated themselves 9603 times (it does that when you start it and it wasn’t updated for at least 1 day, plus the server config changed). Obviously that method of reporting bugs is so broken that killing it wouldn’t have a big impact.
• Received 5513 XML-RPC GNOME 2.15 + 2.16 bug-buddy reports. I assume 60% are auto-rejected (received!=created).
• Received 475 XML-RPC bug-buddy report for other GNOME versions (sometimes the bug-buddy version couldn’t be determined).
• Created 2405 bugreports in total (over the last 7 days instead of last week).

Seeing above stats, unless I get a good objections from many developers GNOME <=2.14 bug-buddy reports will be dropped (with an explanation message). Before dropping 2.15+2.16, I’d like some (developer) feedback on d-d-l. Please read the entire thread, then add your comments.

RHEL5
There is just one server left to upgrade – menubar. I’m delaying this after GNOME 2.18.1, plus I want to create a test installation first.

Servers that have been upgraded to RHEL5:

• label
  Contains LDAP (GNOME usernames), live.gnome.org (it was down twice yesterday)

• button
  Contains MySQL (reason for Bugzilla downtime yesterday), mango (GNOME account creation/update thingy)

• window
  Hosts loads of websites, cvs.rpm.org, functions as master.gnome.org. It will be an ‘upgrade and see what breaks’.

• box
  Hosts Bugzilla. In preparation I’ll move Bugzilla to window after it is upgraded RHEL5 (either today or tomorrow).

• container
  Used for NFS. Upgraded while keeping most of the servers up (Bugzilla and some websites depend on NFS, but managed to work around that)

Servers to do and the current plan:

• menubar – after more testing
  Known as mail.gnome.org. I do not want to upgrade it before having me/jdub do a test config on another server.

Benefits of RHEL5:

• Our server configuration is documented
• slapcat is very fast
• Mango repository is now on svn.gnome.org (not publicly visible)
• Account creation+foundation mails now use UTF-8
• Learned how to change PHP4 DOM calls to PHP5
• /usr/bin/php-cgi works so much better via CGI than /usr/bin/php
• Stealing external interfaces is possible
• Learned that the apparently unsupported RHEL upgrade option works
• Learned that some sysadmins are crazy in their easy task consideration (ldap?!?)

It is very nice to work with lots of sysadmins on this.

Update: window and box have been branded RHEL5.

At April 1st the GNOME sysadmins will be upgrading lots of servers from RHEL3/4 to RHEL5. This will obviously cause downtime. The Subversion (svn.gnome.org) will NOT be affected. However, svn-commits-list (mail.gnome.org) will be.

Although this is planned for April 1st, do keep in mind that if
something breaks (or just the upgrade taking longer), SOME OF THE
SERVICES COULD STILL BE DOWN ON April 2nd, or longer. The upgrade
however takes place in stages. Not everything is down at once.

Stuff that is affected:

• Websites hosted by GNOME:
  http://www.gnome.org/, http://planet.gnome.org,
  http://developer.gnome.org/, etc.

• Wiki’s hosted by GNOME (live.gnome.org+others)
• Mail, meaning mailinglists, @gnome.org, etc.
• Bugzilla
• Databases (e.g. Bugzilla, foundation membership, etc)
• CVS (apparently we host cvs.rpm.org 😉
• DNS (e.g. if the downtime takes too long, you will not be able
  to get the IP address of svn.gnome.org — this is
  82.211.81.213 btw)

Not affected (ideally;):

• svn.gnome.org
• l10n.gnome.org
• torrent.gnome.org

The upgrade officially starts at 14:00 UTC. However, I will be moving some services before that time. So take this time as a rough estimate.

The plan:
http://live.gnome.org/Infrastructure/RHEL5

The schedule:
http://live.gnome.org/Schedule

Spam on live.gnome.org

The bot accounts I know about cannot change any page anymore (see BannedGroup page on lgo for affected user names). Also enabled the antispam solution provided by moinmoin. Up to now we just relied on bots not creating an account.

Pre-warning

Together with Red Hat NOC people and other sysadmins I plan to upgrade all of the machines hosted at Red Hat from RHEL3/4 to RHEL5. This excludes svn.gnome.org; but affects basically everything else. See http://live.gnome.org/Sysadmin/Servers for an overview of the servers.

A rough step-by-step guide can be found at http://live.gnome.org/Infrastructure/RHEL5. I am not exactly sure how long this will take. I expect 2 to 3 days. Please mail gnome-infrastructure and cc gnome-sysadmin if you have questions.

Note: This is not final yet. I’ll finalize the schedule this weekend.

Max Kanat-Alexander wrote a plugin to Supybot. This enables Supybot to announce changes made to any 2.18+ Bugzilla install; just like CIA/#commits. It of course also responds to ‘bug 100000’.

A Supybot called bugbot is announcing all bugzilla.gnome.org changes in #bzbot on irc.gnome.org. However, if you want to have it announce just the changes for your product in some channel, please contact either me (GimpNet, #bugs) or mkanat (usually on irc.mozilla.org in #supybot — currently on gimpnet as well). For GimpNet, bugbot replaces the bots bzbot and bugsbot.

Bugzilla installations wanting such an announcement bot, just contact mkanat. If you want the plugin for your own Supybot, just run:

bzr co http://bzr.everythingsolved.com/supybot/Bugzilla

to check it out using bzr.

I went on a terminal and vessel visit last week. The original plan was to visit the Axel Maersk. This ship has a capacity of 6600 TEU (twenty foot containers). However, that vessel would arrive later than initially planned. That is why we visited the Lars Maersk instead. This ship can hold 3700 TEU and sails between South Africa and Europe. After boarding the vessel I was amazed just how much noise a ‘wall’ of reefer containers makes. It is almost as bad as the ships engine. The ships Master gave a 1.5 hour tour, showing almost everything from the engine to the bridge (excluding some areas due to security regulations). After that we went outside and walked around the ship. As it was raining a bit there was a few centimeters of water on the desk and I almost got my feet wet. Others weren’t so fortunate.
After the vessel visit we got a tour around the terminal. I’ve been on the terminal multiple times, but it was still nice.