On Fri, Sep 5, 2014 at 2:01 AM, Daniel Kinzler daniel.kinzler@wikimedia.de wrote:
Am 04.09.2014 20:03, schrieb Jeroen De Dauw:
I'm also curious to if WMF is indeed not running any CLI tools on the cluster which happen to use Symfony Console.
As far as I know, no unreviewed 3rd party php code is running on the public facing app servers. Anything that has a debian package is ok. Don't know about PEAR...
I probably misspoke in that conversation.
There are two main review processes to get external dependencies installed on the Wikimedia cluster. One way is by checking it in somewhere in the source, and going through our code review process. The other way is to get it deployed as part of the base operating system.
If you're going to go the source control route, then it needs to go through code review.
If you're going to go the operating system route, then TechOps will make the call. I don't know everything that goes into their thought process, but having a Debian package is a necessary (but not always sufficient) means of getting it deployed. The value of relying on packaging goes way down if you aren't prepared to use the version that comes with the Ubuntu LTS versions. So, if you're thinking that "oh, there's a package, great, let's now get them to upgrade to the bleeding edge!", you're likely to be disappointed. Also, TechOps is pretty stingy about what they accept responsibility for.
TechOps tends to be skeptical of language specific tools such as PEAR, Composer, npm, pip, CPAN, etc. When we use those things, we tend to use them in conjunction with source control and the review process there.
Hope this helps.
Rob