should be

Stephan Hermann sh at
Mon Sep 17 20:09:01 BST 2007

Hi Jordan,

Jordan Mantha schrieb:
> On 9/17/07, Stephan Hermann <sh at> wrote:
>> Hi Sarah et al,
>> Sarah Hobbs schrieb:
>>> I'd like to concur with the above, here.
>>> If it's a question of trust, remember that those of ubuntu-dev can
>>> upload to the ubuntu archive, and some of their code is in main, which
>>> core devs have uploaded.
>>> It seems that this is supposed to be analogous to, due
>>> to the naming.  Giving the members of ubuntu-dev shell access would fit
>>> into that idea.
>>> It really is a royal pain to have MOTU's resources spread across
>>> multiple servers all over the world (and no one address to point to, for
>>> the resources)
>> To be honest, I don't see the use of
>> When you declare it like "", it's not. When you declare
>> it like "", most probably it's the same.
>> On, only employees are allowed to have access, no
>> outsiders (at least this was the policy in 2001, and I think it didn't
>> change).
> My point was that should belong to the Ubuntu
> community as a whole, not just Canonical. A Canonical-specific
> resource should be housed at a address, IMO.

Depends. If the server and the domainname belongs to the Foundation,
this could be done by a decision of the Foundation Board.
If the server and domainname belongs to Canonical Inc. they can decide
what to do with it.
TBH, I'm not happy with (that's why I don't use the
<user> email address),
address for the project actually, but this is my personal feeling, and I
don't want to bother anyone with this.

>> Having MOTU resources widespread, is a bad thing, I agree, but using
>> company (and
>> AFAIK is restricted to people with canonical network
>> access through
>> vpn or whatever) resources, I don't like it either.
> That's what I'd like to see changed, if possible.
See above. Coming from the business point of view, it needs to be clear,
to whom the server (hardware)
and the domainname belongs. And reading whois, it belongs to Canonical
Ltd (sorry, I was all the time referring to Inc. but it's an LTD.)

>> Having something like is what I would prefer.
>> Hopefully, we can find a sponsor who is sponsoring MOTU this resource
>> (hello HP, Dell, IBM, SUN).
> But now you've created a whole new name space with and
> you've separated MOTU from Core Devs. I think a resource that makes
> collaboration between *all* Ubuntu developers better is the way to go.

Well, actually, should be usable by any ubuntu member.
Then this would make sense.
I mean, ubuntu-motu-devs and ubuntu-core-devs != employees of Canonical
are not using the same resources inside of Canonical
(forgetting using the LP resources), so there is already a difference
between motus, community driven core-devs and employed core-devs. 

The new namespace is not a split of the core-devs. Community-Driven
Core-devs are coming from the MOTU side of life ;) and as I wrote above,
there is already a split between resources of community-driven and paid

>> Even if I do like the idea of having sponsored everything from Canonical
>> Inc., I do dislike the idea of being someone
>> who can't find other sponsors for the MOTU project.
>> I do appreciate the  Canonical Inc. commitment to the MOTUs, means
>> having Daniel be the MOTU Canonical2Community&ViceVersa spokesman is
>> very good,
>> and I'm glad that his employer gave him the opportunity to work with
>> MOTUs fulltime,
>> but I think it is also very important that at least MOTU Team itself is
>> a bit "free" of Canonicals sponsored "paid" services.
>> We had tiber sponsored by Canonical in former times, right, but now MOTU
>> is somehow bigger, and we could deal with resources by ourselves.
> I see your point and I think it's a fairly valid one. However, I would
> still say that should be independent enough if it's
> open to all developers and it shouldn't really matter who's hosting
> the machine.

Well, dealing with  Datacenter Security myself, I wouldn't allow
anybody, who is not working for the company, to access servers in
Servers, who are accessed by "foreigners" are normally at WAN side,
without any security (active), means, on those servers there are ip filters
running, but no hardware packet filter in front of the server (in common
writing, those hardware packet filter are named firewall, which is,
IT Language, totally wrong).
So, the server has to be totally separated from the front, mid and
backnet (means: frontnet, the network behind the packet filter, midnet,
most likely named DMZ,
and backnet most likley the highest secured network in the Datacenter).
There is a technical reason why it's not accessible, from the Admin
view, this shouldn't be changed.

But, and now I'm refering to the beginning of my reply, if someone
decides, that can be changed to a public used service,
there is the possibility to put a server directly to wan, safed only by
netfilter rules, but without active security.
This decision has to be made by the Holder of the domain or server or
the bill payment person of the datacenter).
>> This is nothing against Canonical Inc. as sponsor, the opposite is the
>> case. I would like to see the MOTUs
>> a bit outside of the Canonical Universe regarding server resources.
>> Having a server from the LoCo Team, and having a team responsible for
>> the servers, outside of Canonical, is a great idea,
>> but I don't think that this will help MOTU, because we are in need of
>> different resources for our work, and our tools are not drupal or php.
> I think only real requirement, other than being sane and secure, is
> that our apps not need root access, but I could be wrong there.

Well, afaik on there are some services running, who
are having connections to other canonical machines.
Therefore, to transfer those services, you need to put some work into,
or you setup a new server, point the domain towards
this new server,
setup  to the old server. But then, you have the
same splitting again. The employees would use, and will do what?
Serving homepages of Ubuntu Developers?

If Community Driven Developers (MOTUS + Core-Devs) are in need of
special server resources,
IMHO the best way is this: Find a sponsor, who has enough power to
provide some nice machines,
add ssh-authentication and sudo-authorization  via ssh-key, or better
via LP2LDAP Import with SSH-Keys)
Then you can provide your services to the masses, and MOTU +Core-Devs
are not inside the Canonical Datacenter, with the security restrictions.

Just to have some webpages for Ubuntu Developers, I do think that there
is no need to use



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
Url : 

More information about the ubuntu-devel mailing list