This looks great, Christian. Is there anything we need to do to have our buildbot system test it?
..m On Tue, Aug 9, 2016 at 8:10 AM Christian Ehrhardt < christian.ehrha...@canonical.com> wrote: > Hi, > I wanted to give the ML a ping as well about this, so that not only the > Pull Request is existing. > Eventually one here might chime in as well. > > There is a prototype to snap ntpsec at > https://gitlab.com/NTPsec/ntpsec/merge_requests/49 > > I'll quote my PR text here and hope for a great discussion: > > "Hi, on one hand I worked on packaging ntp (classic) recently and on the > other hand I worked a bit with snapcraft (=> http://snapcraft.io/). I > really think ntpsec would be a perfect candidate to exploit snap packaging. > > Please consider this an RFC for now - following the spirit of NTPsec > contribution policy "Before starting significant work, please propose it > and discuss it first" I'll also write to the ML linking to this branch. But > also did I not just want to mention snapcraft and run away - instead I > thought to provide a prototype that can be tested, but discuss motivation, > tech and details before doing some more heavy lifting work. > > My current example is meant for a daily build, but this can easily be > changed to whatever you prefer. Snapcraft could - for example - build from > a stable branch of your tree automatically or whatever else you want. > > Benefits of exploiting snap(craft) in ntpsec (in my opinion): > > - for security it is often important to be able to push fixes fast to > consumers, snaps are great for that as it somewhat cut's out the > distributions as a gatekeeper of a release process > - ntpsec isn't packaged in distributions yet, an upload to the > snapstore would make you instantly available on multiple distributions > - faster development iteration cycles, which is especially useful for > new (or newly forked) projects > - and of course all the benefits listed at http://snapcraft.io/ > > Limitations: > > - this doesn't use any of the great snap isolation features yet (still > using --devmode to get the prototype fast). Implementing those will need a > few new interfaces and that effort should be spent after the discussion > (but on the good side, you haven't lost anything - just not gained all of > the snap isolation features yet). > - currently there is no snapcraft plugin for waf, so I provided one > (but I also started to push it to snapcraft already so it can be dropped > from ntpsec in a bit) > > I'm looking forward and hope that the security improvements of ntpsec and > those of snap's for packaging will one day stack up to be even better > together. Let's discuss. > > Kind Regards Christian > > P.S. FYI - I'm soon going to vaction - so please don't wonder if there is > kind of no-response between 13th and 23rd August. OTOH this gives everyone > more time to play and experiment with it." > > > > -- > Christian Ehrhardt > Software Engineer, Ubuntu Server > Canonical Ltd > _______________________________________________ > devel mailing list > devel@ntpsec.org > http://lists.ntpsec.org/mailman/listinfo/devel
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel