Responding to what Julien wrote:
Anyone is welcome to help improve Mango (system used to create GNOME SVN accounts). Creating an account is much faster currently than before. From request to commit access (including cron) has taken as little as 16min. In general, accounts@gnome.org is no longer the bottleneck for new accounts (except for translator accounts, haven’t finished setting that up in Mango, currently writing the script to handle the modules, will include translations eventually).
Of course, changes to existing accounts still take a lot of time. But ehr, all my requests for people helping to improve Mango are usually responded in two ways: 1) seen as a vacancy 2) nothing. Not talking about the accounts team. That has expanded (much appreciated).
It would be so much easier if I had help or enough time. Or a real understanding of LDAP (see lack of time). Or if I could force everyone in GNOME to just use GPG (I would’ve if it wasn’t for the lack of time). The lack of GPG combined with wanting security makes some things very difficult to solve.
Currently, I get complaints about not being able to reset the password. Yes, that doesn’t work (can’t really be automated ATM.. lack of GPG, time, etc). Oh well, at least the complaints are different.
I’d like to push as much of the stuff elsewhere. E.g., if you’ve been accepted to the GNOME foundation, you should get an LDAP (Mango) account. Currently the foundation members are a record in a database (no connection to the LDAP account.. also not possible due to slightly different names, email addresses that do not match, etc). If at one point every GNOME foundation member would have an LDAP account, requesting the gnome.org alias would take max 21min (cron). This won’t happen any time soon.
Currently there are various sysadmin tickets I haven’t responded to (or looked at). Three membership committee members who need to be able to do their work (RT3, Mango, IIRC some SSH key resetting as well). Bugzilla config for bugs.gnome.org is still broken, Bugzilla itself should be ported to 3.0. Mango needs to be developed further. Foundation members should be migrated somehow. Etc, etc. Like I said often enough, help is welcome (again: to automate stuff; there are only a few things that require something other than SVN commit access, which I’d gladly provide).
I don’t see above as an organisational problem.
Actually, I’d like to help in this area.
Is there somewhere a list of things that need to be done? a page describing the process to get involved?
It is a very large problem nevertheless. Whether it is because a large organization such as GNOME cannot find the means and ways of allocating enough manpower to do that job effectively, or because enough people are there but they are not doing the job well because of a system of redundant interdependencies between the actions that should be taken, aka bureaucracy.
That said, I do not understand why a tiny fraction of the foundation’s money cannot be invested in paying a professional sysadmin to work, say, 15 hours a week on these stuff, provide weekly reports etc.
Yeah and btw I sent a request to accounts at gnome.org for whatever account/permission is necessary for uploading tarballs for PaperBox more than three weeks ago. While I can always ask someone I know to do that for me, the lack of a bugzilla module, which I applied for around that time as well, is certainly not helping me in creating and maintaining a community of active and helpful users.
It should not be forgotten that these stuff *are* a big deal to people who are doing all of their work entirely on a volunteer basis.
I’d like to apologise to you for framing my complaints about the system as though they were personal criticisms. That was unfair.
I wonder whether the specific case of password reset would be possible from a command-line action on master (since such a person is known to be authenticated). Or does that fall foul of LDAP?
I would like it (for this and other things) if there was a way of shining a bat-searchlight at the sky to call up all free software LDAP (or whatever other technology) people available…
Marko: I’m not dismissing the problem. I really understand. However, there is only so much that I can do. As people work on volunteer basis, you cannot ‘allocate’ a person. If you check foundation-list, you’ll see that they are discussing to hire a sysadmin (although it seems unlikely to be solved any time soon). Please voice your opinion there. Hiring vs volunteer feels like doing a bad job, because we should rather found a volunteer.
I don’t think the purpose of a sysadmin should be creating accounts though (should automate it, make it efficient).
Uploading tarballs: Someone should’ve responded by now (rest of the team should be able to handle things). Please ping in #sysadmin on irc.gnome.org.
Note that almost everyone is a volunteer. The number of hours I spend on some things will never be enough to make the queue any smaller. The only real improvement came from automating the new account process. Due to this, I’m doing that.. leaving the rest to others to pick up (which ehr, sometimes means it isn’t done, sorry).
Thomas: You did not make it personal, was just about the system sucking. I just thought the process as a whole would’ve sucked more without this system in place.
I thought about having some reset system on master, but not everyone has a shell there. You can actually change your LDAP password if you know your current one using one of the openldap tools (making it, ehr.. useless for resetting). That would have to be solved using some setuid script.. which I suck at (euid, uid, whatever). In short: takes too much time for not enough gain; better to solve it for everyone who at least has SVN (sort of like it works initially). But that SVN machine has slave LDAP, so you cannot actually do the password request on that machine (aargh!). The script I’m working on would be a temp on (SSH port forwarding crap), until I can migrate everone to GPG (hopefully).
With GPG, I could just extend Mango a little and have you use GPG. Or maybe only rely on GPG to let you log in, getting rid of all the passwords. Until you lost your GPG key… but hopefully we can reuse the Debian way for that (no idea what they do in that case).
Debian/Freedesktop has a nice setup. Ok, it requires people to use GPG. But after that, the maintaince of such a system would be shared between Debian, Freedesktop and GNOME. E.g. my improvements could be used by Debian again.
Athrun: Please contact me in #sysadmin on irc.gnome.org (later today)… might take a few pings before we are both online at the same time.
Olav, I fully understand that you’re doing your best. My impression is that lately you are the only person who has been contributing significant work in this area; you also blog about it occasionaly – thus being the only person to whom we can talk or write to.
I agree that having volunteers is much better – I should’ve prefixed that paragraph with “Since there has not been enough volunteer work, ….” However, I find it somewhat disappointing that it is so hard to attract volunteers for this.
I lost my SSH key. I’ll request a change to be capable of contribute too.
Olav, my point wasn’t to bash the sysadmins. I know there are few of you, and obviously things aren’t well organised to make it easy on you[sysadmins] either.
The impression I get is that you[sysadmins] suffer from the same thing as me in my professional work : things don’t just flow and work is needed to keep them flowing ; they need to be pushed through.
Snark: It is not about that, more that the planet problem is IMO much easier to improve than most of the infrastructure problems. It could be made more visible (using Bugzilla) or faster (by getting a few volunteers, e.g. membership committee clear policy).
For sysadmins, you can’t really do anything until you have root. But actually, most tasks should be delegated to other teams like e.g. accounts team. Leaving the sysadmins to do stuff like setup websites, servers, etc. I think most tasks that should be solved in a reasonable timeframe (accounting things, new svn modules) should be delegated in some way.