On Mon, Jan 25, 2021 at 2:29 PM Darren Duncan <darren@darrenduncan.net>
wrote:
> On 2021-01-25 10:51 a.m., Corwin Brust wrote:
> > Please forgive this top-post, hastily composed over a short lunch :)
> >
> > Is there evidence suggesting a read-only RT will take less effort to
> maintain?
> >
> > On Mon, Jan 25, 2021, 02:57 Leon Timmermans wrote:
> > Quite frankly, "rt loses all data" may actually be less work for me
> > than "rt becomes read-only"
>
> Part of my proposal is that the RT software goes away entirely and that
> the
> read-only archive is just a set of static HTML pages plus a static
> database
> dump, both downloadable and the former is what continues to be hosted.
>
> Even if read-only, I understand the primary issue with continuing to use
> the RT
> software is its being possibly unmaintained complex software that presents
> a
> sizeable attack surface and sizeable maintenance burden.
>
> So if the archive is simply a static dump in multiple formats, HTML for
> easy
> reading which a generic search engine can index, and SQL etc for easy
> importing
> for more complex analysis, this presents a minimal almost set it and
> forget it
> maintenance burden, put it on a plain vanilla server, and it is easy for
> any
> interested person to download a copy which is more backups.
>
> So the RT software can just go away, just keep the data.
>
> This is assuming that everything of value is safe to make public. If
> anything
> in the database should only be seen by authenticated users or is
> privileged or
> is security sensitive, that would have to be scrubbed from this.
>
I appreciate the motivation for the suggestions, but this discussion is
rather moot, because 1) a static archive was always the plan, 2) a second
static archive already exists (https://github.com/rt-cpan/rt-cpan.github.io),
3) this doesn't solve the immediate concerns of active RT users.
-Dan
wrote:
> On 2021-01-25 10:51 a.m., Corwin Brust wrote:
> > Please forgive this top-post, hastily composed over a short lunch :)
> >
> > Is there evidence suggesting a read-only RT will take less effort to
> maintain?
> >
> > On Mon, Jan 25, 2021, 02:57 Leon Timmermans wrote:
> > Quite frankly, "rt loses all data" may actually be less work for me
> > than "rt becomes read-only"
>
> Part of my proposal is that the RT software goes away entirely and that
> the
> read-only archive is just a set of static HTML pages plus a static
> database
> dump, both downloadable and the former is what continues to be hosted.
>
> Even if read-only, I understand the primary issue with continuing to use
> the RT
> software is its being possibly unmaintained complex software that presents
> a
> sizeable attack surface and sizeable maintenance burden.
>
> So if the archive is simply a static dump in multiple formats, HTML for
> easy
> reading which a generic search engine can index, and SQL etc for easy
> importing
> for more complex analysis, this presents a minimal almost set it and
> forget it
> maintenance burden, put it on a plain vanilla server, and it is easy for
> any
> interested person to download a copy which is more backups.
>
> So the RT software can just go away, just keep the data.
>
> This is assuming that everything of value is safe to make public. If
> anything
> in the database should only be seen by authenticated users or is
> privileged or
> is security sensitive, that would have to be scrubbed from this.
>
I appreciate the motivation for the suggestions, but this discussion is
rather moot, because 1) a static archive was always the plan, 2) a second
static archive already exists (https://github.com/rt-cpan/rt-cpan.github.io),
3) this doesn't solve the immediate concerns of active RT users.
-Dan