From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id A198A15803E for ; Wed, 3 Jan 2024 08:33:28 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CA96E2BC028; Wed, 3 Jan 2024 08:33:27 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id AAD162BC028 for ; Wed, 3 Jan 2024 08:33:27 +0000 (UTC) Received: from grubbs.orbis-terrarum.net (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id D0481335D6B for ; Wed, 3 Jan 2024 08:33:26 +0000 (UTC) Received: from grubbs.orbis-terrarum.net (localhost [127.0.0.1]) by grubbs.orbis-terrarum.net (Postfix) with ESMTP id 435272601A2 for ; Wed, 3 Jan 2024 08:33:26 +0000 (UTC) Received: (qmail 1484 invoked by uid 10000); 3 Jan 2024 08:33:26 -0000 Date: Wed, 3 Jan 2024 08:33:26 +0000 From: "Robin H. Johnson" To: gentoo-project@lists.gentoo.org Subject: Re: [gentoo-project] Council meeting 2024-01-14 - Call for agenda items Message-ID: References: Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Project discussion list X-BeenThere: gentoo-project@lists.gentoo.org Reply-To: gentoo-project@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ZdyHruTLpjTTZQxH" Content-Disposition: inline In-Reply-To: X-Archives-Salt: 77222848-9e18-4b04-9cd9-d67c7257b32b X-Archives-Hash: 2783fe52e3571350a3803dba588f4c24 --ZdyHruTLpjTTZQxH Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Jan 03, 2024 at 07:24:57AM +0100, Micha=C5=82 G=C3=B3rny wrote: > On Tue, 2024-01-02 at 22:37 +0000, Robin H. Johnson wrote: > > On Mon, Jan 01, 2024 at 07:16:32PM -0800, John Helmert III wrote: > > > > Agenda items from Infra: > > ... > > > > # Add hardware for ONLINE historical distfile archive=20 > > > > Bug #834712 is a draft proposal to add a ONLINE historical distfile= archive > > ... > > > > There would also be a periodic backup into AWS S3 Glacier, able to > > > > re-create the server if needed; > > > Are we already using Glacier? Glacier itself presumably isn't libre, > > > so I'm not sure how we should feel about it from the perspective of > > > social contract depdendency requirements. > > Yes, Infra already uses S3 and Glacier for backups specifically. It's > > *NOT* in any hot path whatsoever, backups only for disaster recovery. >=20 > So we're basically talking about using services of an extremely > unethical company that can additionally randomly change princes to store > backups that we never test because it would be too expensive to test > them. Copying it *OUT* of AWS's cloud is very expensive, that's their business model; additionally the Glacier Deep Storage is optimized for NOT being accessed. Cheap verification is possibly by doing the verification within the cloud, and picking which content to verify, rather than everything. I did a verification test of the main git.g.o repos a few years ago - a retest would be good (esp. with somebody else trying to follow the restore instructions instead of me, to ensure I'm not in the critical path to restore). Say you want to use a libre provider: rsync.net is the closest to true libre offering that I'm aware of. AWS Glacier is USD0.00099/GB/mo (USD0.99/TB) rsync.net is USD0.01/GB/mo (USD10.00/TB) I'm aware of discounts on both services, but I'm using published prices to compare. 10x more expensive as a baseline, before comparing the services on any other merits. Infra presently has 30TB+ of backups in AWS, split by filesizes, since Glacier has a minimum object size, and small files are significantly cheaper to storage in hot storage. If you'd like those backups to also be present on rsync.net, or some other libre service; please put that forward as a proposal to council for funding. As treasurer, I strove to find the cheapest option long-term option that fit the requirements, including the previous social contract opinion that backups were reasonable to host on AWS or similar provider. --=20 Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation President & Treasurer E-Mail : robbat2@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 --ZdyHruTLpjTTZQxH Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Robbat2 @ Orbis-Terrarum Networks - The text below is a digital signature. If it doesn't make any sense to you, ignore it. iQKTBAABCgB9FiEEveu2pS8Vb98xaNkRGTlfI8WIJsQFAmWVG9RfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEJE RUJCNkE1MkYxNTZGREYzMTY4RDkxMTE5Mzk1RjIzQzU4ODI2QzQACgkQGTlfI8WI JsTsoQ//bkKWZXxvWHHDxildcAOucYD2pNELN4cNMYfgB1bvH36bqd9V4ax5YSsW DBDdrFyDK3x+rh8aKtfok+n4X9qrUvvuihkUx6+FvB0QkPinsHtWu3OUErbEOPmn TTJoLz1iCWHPavhnQQuDu1ilUXo+o0bPzA84HqHyhLB4/25/ebUzmWussiW38Ssc SfW5deay8lUOzepeLf3mIrUdJr55kUIBwtV4Z2H3zimHTylu0RvEwiR/GgaK2Yjf EIRITJ6toD7Unvg0r9gu6wuflIKHW3VmRxKnKDA8s5Pe9o9ygzyr+9XLXV0UxcCH f25WBT0dd3RXEkIlT7fi83brx97hXG62E/nk6OrYO+TdgxnxH3WGpOYIaUTEi17A Uy+jNp9Xvqu0QYl2zSSMfDv/+BOJtrk7PjiQaJns2B/AstxU09QFEqP3J4GM/G3N rwdv1B1U3tntZ5VhtItJ+h+B8rrKDuBIkiA9ZYJMj+LMTgKKzTaxY9bHgRg8N5ZZ YzH6T0dWWfSVQyZY5+0VoS1VS7ShjEfEv39X5VEJ4498FYzyx8cbkxpguhR/7RyH Myq5d1BeJhE/v4Hu/soqR0B9ko7niBeoXoLWqkLrZpIfIy/qCAspHWOCiZfnNow1 hmmOuRV3+gBTRFJPtRwBhzIeQyqDxceAger9YflElUK7T0RCevA= =RytD -----END PGP SIGNATURE----- --ZdyHruTLpjTTZQxH--