Discussion about PR: WIP: Snapify ntpsec

Mark Atwood fallenpegasus at gmail.com
Tue Aug 9 15:58:47 UTC 2016


This looks great, Christian.

Is there anything we need to do to have our buildbot system test it?

..m

On Tue, Aug 9, 2016 at 8:10 AM Christian Ehrhardt <
christian.ehrhardt at canonical.com> wrote:

> Hi,
> I wanted to give the ML a ping as well about this, so that not only the
> Pull Request is existing.
> Eventually one here might chime in as well.
>
> There is a prototype to snap ntpsec at
> https://gitlab.com/NTPsec/ntpsec/merge_requests/49
>
> I'll quote my PR text here and hope for a great discussion:
>
> "Hi, on one hand I worked on packaging ntp (classic) recently and on the
> other hand I worked a bit with snapcraft (=> http://snapcraft.io/). I
> really think ntpsec would be a perfect candidate to exploit snap packaging.
>
> Please consider this an RFC for now - following the spirit of NTPsec
> contribution policy "Before starting significant work, please propose it
> and discuss it first" I'll also write to the ML linking to this branch. But
> also did I not just want to mention snapcraft and run away - instead I
> thought to provide a prototype that can be tested, but discuss motivation,
> tech and details before doing some more heavy lifting work.
>
> My current example is meant for a daily build, but this can easily be
> changed to whatever you prefer. Snapcraft could - for example - build from
> a stable branch of your tree automatically or whatever else you want.
>
> Benefits of exploiting snap(craft) in ntpsec (in my opinion):
>
>    - for security it is often important to be able to push fixes fast to
>    consumers, snaps are great for that as it somewhat cut's out the
>    distributions as a gatekeeper of a release process
>    - ntpsec isn't packaged in distributions yet, an upload to the
>    snapstore would make you instantly available on multiple distributions
>    - faster development iteration cycles, which is especially useful for
>    new (or newly forked) projects
>    - and of course all the benefits listed at http://snapcraft.io/
>
> Limitations:
>
>    - this doesn't use any of the great snap isolation features yet (still
>    using --devmode to get the prototype fast). Implementing those will need a
>    few new interfaces and that effort should be spent after the discussion
>    (but on the good side, you haven't lost anything - just not gained all of
>    the snap isolation features yet).
>    - currently there is no snapcraft plugin for waf, so I provided one
>    (but I also started to push it to snapcraft already so it can be dropped
>    from ntpsec in a bit)
>
> I'm looking forward and hope that the security improvements of ntpsec and
> those of snap's for packaging will one day stack up to be even better
> together. Let's discuss.
>
> Kind Regards Christian
>
> P.S. FYI - I'm soon going to vaction - so please don't wonder if there is
> kind of no-response between 13th and 23rd August. OTOH this gives everyone
> more time to play and experiment with it."
>
>
>
> --
> Christian Ehrhardt
> Software Engineer, Ubuntu Server
> Canonical Ltd
> _______________________________________________
> devel mailing list
> devel at ntpsec.org
> http://lists.ntpsec.org/mailman/listinfo/devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ntpsec.org/pipermail/devel/attachments/20160809/ed68faa3/attachment.html>


More information about the devel mailing list