Off-topic post - issues with site-hosting sytems

In a recent post to gpsd-dev, I noted that I joined the development
team for Savane yesterday.  Savane is the project-hosting system that powers
Gna! and Savannah, which gives you a pretty good clue where the gpsd project
is likely to move to avoid further Berlios outages.  I promised to divagate
on my reasons.  The best way I can do this is to quote a white paper that
I began drafting two days ago in the wake of the Berlios outage:

=========================================================================

== Three Common But Serious Failings of Project Hosting Sites ==

=== Data Jails ===

The worst problem with almost all current hosting sites is that
they're data jails. You can put data (the source code revision
history, mailing list address lists, bug reports) into them, but
getting a complete snapshot of that data back out often ranges from
painful to impossible.

Why is this an issue? Very practically, because hosting sites, even
well-established ones, sometimes go off the air. Any prudent project
lead should be thinking about how to recover if that happens, and how
to take periodic backups of critical project data.  But more generally,
it's *your data*.  You should own it.  If you can't push a button and
get a snapshot of your project state out of the site whenever you
want, you *don't* own it.

When berlios.de crashed on me, I was lucky; I had been preparing to
migrate GPSD off the site due to deteriorating performance; I had
a Subversion dump file that was less than two weeks old.  I was
able to bring that up to date by translating commits from an
unofficial git mirror. I was doubly lucky in that the Mailman
adminstrative pages remained accessible even when the project
webspace and repositories had been 404 for two days.

But actually retrieving my mailing-list data was a hideous process
that involved screen-scraping HTML by hand, and I had no hope at all
of retrieving the bug tracker state.

This anecdote illustrates the most serious manifestations of the
data-jail problem.  Third-generation version-control (hg, git, bzr,
etc.) systems pretty much solve it for code repositories; every
checkout is a mirror.  But most projects have two other critical data
collections: their mailing-list state and their bug-tracker state.
And, on all sites I know of in late 2009, those are seriously jailed.

This is a problem that goes straight to the design of the software
subsystems used by these sites.  Some are generic: of these, the most
frequent single offender is 2.x versions of Mailman, the most widely
used mailing-list manager (the Mailman maintainers claim to have fixed
this in 3.0). Bug-trackers tend to be tightly tied to individual
hosting engines, and are even harder to dig data out of.  They also
illustrate the second major failing...

=== Unscriptability ===

All hosting-site suites are Web-centric, operated primarily or
entirely through a browser.  This solves many problems, but creates a
few as well.  One is that browsers, like GUIs in general, are badly
suited for stereotyped and repetitive tasks.  Another is that they
have poor accessibility for people with visual or motor-control
issues.

Here again the issues with version-control systems are relatively
minor, because all those in common use are driven by CLI tools
that are easy to script.  Mailing lists don't present serious issues
either; the only operation on them that normally goes through the web
is moderation of submissions, and the demands of that operation are
fairly well matched to a brower-style interface.

But there are other common operations that need to be scriptable and
are generally not. A representative one is getting a list of open bug
reports to work on later - say, somewhere that your net connection is
spotty.  There is no reason this couldn't be handled by an email
autoresponder robot connected to the bug-tracker database, a feature
which would also improve tracker accessibility for the blind.

Another is shipping a software release.  This normally consists of
uploading product files in various shipping formats (source tarballs,
debs, RPMS, and the like) to the hosting site's download area, and
associating with them a bunch of metadata including such things as a
short-form release announcement, file-type or architecture tags for
the binary packages, MD5 signatures, and the like.

With the exception of the release announcement, there is really no
reason a human being should be sitting at a web browser to type in
this sort of thing. In fact there is an excellent reasons a human
*shouldn't* do it by hand - it's exactly the sort of fiddly, tedious
semi-mechanical chore at which humans tend to make (and then miss)
finger errors because the brain is not fully engaged.

It would be better for the hosting system's release-registration logic
to accept a job card via email, said job card including all the
release metadata and URLs pointing to the product files it should
gather for the release.  Each job card could be generated by a
project-specific script that would take the parts that really need
human attention from a human and mechanically fill in the rest. This
would both minimize human error and improve accessibility.

In general, a good question for hosting-system designers to be asking
themselves about each operation of the system would be "Do I provide a
way to remote-script this through an email robot or XML-RPC interface
or the like?" When the answer is "no", that's a bug that needs to be
fixed.

=== Poor support for immigration ===

The first (and in my opinion, most serious) failing I identified is
poor support for snapshotting and if necessary out-migrating a
project.  Most hosting systems do almost as badly at in-migrating a
project that already has a history, as opposed to one started from
nothing on the site.  

Even uploading an existing source code repository at start of a
project (as opposed to starting with an empty one) is only spottily
supported. Just try, for example, to find a site that will let you upload
a mailbox full of archives from a pre-existing development list in
order to re-home it at the project's new development site.  

This is the flip side of the data-jail problem. It has some of the
same causes, and many of the same consequences too.  Because it makes
re-homing projects unnecessarily difficult, it means that project
leads cannot respond effectively to hosting-site problems.  This
creates a systemic brittleness in our development infrastructure.

=========================================================================

No prize for guessing that I joined Savane to fix these problems.  I
intend to raise the bar for hosting-site engines by not merely talking about
these design features but implementing them.
--
                <a href="http://www.catb.org/~esr/">Eric S. Raymond</a>
_______________________________________________
Gpsd-dev mailing list
Gpsd-dev@...
https://lists.berlios.de/mailman/listinfo/gpsd-dev