Replacement of Launchpad and/or Gitolite in 2017
We have been using Launchpad for several years for bug/feature request tracking and managing our translations. Separately, we have been using Gitolite and Gitweb to manage our Git repositories. However, some dissatisfaction has been building up over the years, and during the hackfest at the 2017 EIC, we decided to start exploring alternatives.
Reasons for change
Launchpad (bugs)
What we like about LP
Series and milestone targeting of bugs.
It's fairly easy for non-technical folks to create an account, create a bug, add a comment, or follow along with the comments.
The ability to filter bug mail subscriptions by tag, importance or status is handy for those who don't want to subscribe to all bugs, but want to only subscribe to those that fit a certain criteria (e.g. documentation).
The community has utilized the ability to tag fairly well, using it to organize the bugs into categories or use them to convey information about the need for tests, the need for release notes, etc. If we move to another system, we need to ensure all of that information isn't lost and that we can somehow migrate that information to the new system.
What we don't like about LP
UI supplies no way to batch-edit bugs
The
API is hard to use, particularly for command-line applications
LP has timeout errors rather more often than one would like
No direct links from the bugs to the commits fixing them (or viceversa, i.e a "fix bug 123" commit message links LP123 with that branch).
Bug search is limited, even with advanced search. Most effective way to search is to start opening a new bug.
There's no way to edit, delete, or suppress a comment, which is a problem if somebody has inadvertently left in patron or a description of a security exploit.
There's no way to update a bug without triggering an email, which is a problem for batch updates.
Huge list of software options out there OSS or not
Gitolite
What we like about Gitolite
What we don't like about Gitolite
Keys for new users must be added manually, adding a bit of friction to the process.
Similarly, human intervention is required whenever a user has new or updated keys.
No direct links from commits to the bugs describing them.
Launchpad (translations)
What we like about LP
What we don't like about LP
Requirements for replacements
Hard requirements
Interface for reporting bugs should be easy for non-technical folks to use
Can import bug history, including comments
Can import existing PO and POT files
Soft requirements
Has the ability to host a private repo for the security team. (If not, we could keep using Gitolite for that)
Ability to find and retrieve bugs by their old LP number
Ability to migrate categorizations used in our tagging system to whatever categorization system is used in the replacement.
Desiderata
Options
GitHub
Notes
Pro
Defacto standard site for many projects.
Already being used by DIG for gists.
"Everyone" has a GitHub account.
We can create a
nonprofit organization that allows us to have unlimited users and private repositories once our 501c3 status is finalized.
Con
Offers no integrated i18n/l10n tools
Private repos are not free (as in beer).
Not F/
OSS itself, so we can't host it ourselves if desired.
-
Will necessitate changes in workflow, particularly as regards working repositories. (This could be a good thing!)
-
-
-
It is a "bad look" for a F/
OSS project to use proprietary hosting solutions.
Pro
We can host it ourselves or host at gitlab.com
Includes GitLab CI so we could retire both buildbot + current live testing with full Docker-based CI
Anyone can sign up without administrator intervention.
Users can be in groups that can all access the same repos.
Has lots of plugins and applications that could add some of the "missing features."
Can integrate with LDAP for community sign-on.
Con
Offers no integrated i18n/l11n tools
-
While annoying, this is due to inconsistencies within the Evergreen repo's git history, and can be mitigated: by editing the global git config on the GitLab server, you can change the detection of zero-padded file modes from a fatal error to a warning, or ignore them altogether. A method of ensuring that the that particular configuration setting was not overwritten at GitLab upgrade time might also be necessary. (The configuration change has remained in place through 2 upgrades on a test installation.)
We don't have as much control over branch permissions as gitolite offers. This likely means we'll lose the working repository in favor of individual developer repositories. (Note: gitlab used to be based on gitolite but is no longer.)
-
Anyone with an account can create their own projects/repositories. We're gonna need a lot more disk space.
To get many of the best features, we would need a license for the Enterprise Edition. (See
https://about.gitlab.com/pricing/#self-managed). This would cost the community $6,000/year for 125 users. (That number is based on the number of user keys in the gitolite configuraiton.)
A self-managed/self-hosted solution would still require some administrator overhead, perhaps as much as gitolite.
Going with the community edition will necessitate work flow changes, particularly as regards working repositories. (This could be a good thing!)
Using dual-licensed products with a full feature proprietary release and less powerful free release is a bad look for a F/
OSS project.
Fork LP
Pro
Con
GOGS
Pro
Con
Atlassian Open-Source
Pro
Con
Gerrit
Pro
Con
savannah.nongnu.org
Pro
Con
If we move to a bug tracking / repository tool that does not include translation support (and most alternatives do not), then we need to consider what we would like to do for translations.
POEditor.com
Pootle
Pro
Con
Zanata
Pro
F/
OSS: We can host it ourselves, or use the free (for open source projects) hosted version
Con
Weblate
Pro
Con
Central authentication / authorization system
If we continue with self-hosted systems, it might be really nice to be able to centralize our authentication so that people could just use a single "Evergreen community account" that would work for the bug tracker, wiki, translation, blog, version control, etc. Most of the self-hosted systems at least offer LDAP, so if we were to add an LDAP server to the mix we could manage authentication and authorization centrally…