draft the SVN retirement proposal

7cd390ed · anarcat · 2764c8c7 · 7cd390ed
Verified Commit 7cd390ed authored 3 years ago by anarcat
--- a/policy/tpa-rfc-11-svn-retirement.md
+++ b/policy/tpa-rfc-11-svn-retirement.md
+---
+title: TPA-RFC-11: SVN retirement
+---
+
+[[_TOC_]]
+
+Summary: SVN will be retired by the end of 2021, in favor of
+Nextcloud.
+
+# Background
+
+SVN (short for Subversion) is a version control system that is
+currently used inside the Tor Project to manage private files like
+contacts, accounting data, forms. It was also previously used to host
+source code but that has all been archived and generally migrated to
+the git service.
+
+The SVN server (called `gayi`) is not very well maintained, and has
+too few service admins (if any? TBD) to be considered
+well-maintained. Its retirement has been explicitly called for many
+times over the years: 
+
+ * [2012: migrate SVN to git](https://gitlab.torproject.org/tpo/tpa/team/-/issues/4929)
+ * [2015: shut down SVN](https://gitlab.torproject.org/tpo/tpa/team/-/issues/17202)... by 2016, no explicit solution proposed
+ * [2015: move to Sparkleshare](https://gitlab.torproject.org/tpo/tpa/team/-/issues/17719)
+ * [2019: move to Nextcloud](https://gitlab.torproject.org/tpo/tpa/team/-/issues/31540)
+ * [2020: user survey](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/roadmap/2021#survey-results) (3% of respondents want to retire SVN)
+
+An [audit of the SVN server](https://gitlab.torproject.org/tpo/tpa/team/-/issues/33537) has documented the overly [complex
+access control mechanisms](https://gitlab.torproject.org/tpo/tpa/team/-/wikis/howto/svn/#design) of the server as well.
+
+For all those reasons, the TPA team wishes to retire the SVN server,
+as was proposed (and adopted) in the 2021 roadmap.
+
+Many replacement services are considered for SVN:
+
+ * git or GitLab: GitLab has private repositories and wikis, but it is
+   generally considered that its attack surface is too broad for
+   private content, and besides, it is probably not usable enough
+   compared to the WebDAV/SVN interface currently in use
+ * Nextcloud: may solve usability requirements, may have privacy
+   concerns (ie. who is a Nextcloud admin?)
+ * Google Docs: currently in use for some document writing because of
+   limitation of the Nextcloud collaborative editor
+ * Granthub: currently in use for grant writing?
+
+## Requirements
+
+In [issue 32273][], a set of requirements was proposed:
+
+[issue 32273]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/32273
+
+ * **permanence** - there should be **backups** and no data loss in
+   the event of an attack or hardware failure
+ * **archival** - old data should eventually be **pruned**, for
+   example personal information about past employees should not be
+   kept forever, financial records can be destroyed after some legal
+   limit, etc.
+ * **privilege separation** - some of the stuff is **private** from
+   the public, or even to tor-internal members. we need to clearly
+   define what those boundaries are and are strongly they need to be
+   (e.g. are Nextcloud access controls? sufficient? can we put stuff
+   on Google Docs? what about share.riseup.net or pad.riseup.net? etc)
+
+# Proposal
+
+The proposal is to retire the SVN service by December 1st 2021. All
+documents hosted on the server shall be migrated to another service
+before that date.
+
+TPA suggests SVN users adopt Nextcloud as the replacement platform,
+but other platforms may be used as deemed fit by the users. Users are
+strongly encouraged to consult with TPA before picking alternate
+platforms.
+
+## Timeline
+
+ * November 1st 2021: reminder sent to SVN users to move their data
+   out.
+ * December 1st 2021: SVN server (`gayi`) retired with an extra 60
+   days retention period (ie. the server can be restarted easily for 2
+   months)
+ * ~February 1st 2022: SVN server (`gayi`) destroyed, backups kept for
+   another 60 days
+ * ~April 1st 2022: all SVN data destroyed
+
+## Affected users
+
+It is believe that `sue` is the only remaining user of the SVN
+service. Remains TBD.
+
+# Approvals
+
+This proposal needs to be explicitly approved by TPA, but also by all
+operations people, and especially current SVN users.
+
+# Deadline
+
+This proposal should be adopted before October 1st 2021,
+tentatively. It will be sent out some time in August 2021, after a
+direct call with Sue.
+
+# Status
+
+This proposal is currently in the `draft` state.
+
+# References
+
+ * [SVN documentation](howto/svn)
+ * [issue 17202](https://gitlab.torproject.org/tpo/tpa/team/-/issues/17202): "Shut down SVN and decomission the host (gayi)",
+   main ticket to track the host retirement, includes:
+   * [issue 32273][]: "archive private information from SVN", includes:
+     * [corpsvn data inventory](https://gitlab.torproject.org/tpo/tpa/team/-/issues/32273#note_2542833), including "currently" used file
+       management tools and alternatives
+   * [issue 32025][]: "Stop using corpsvn and disable it as a service"
+   * [issue 40260](https://gitlab.torproject.org/tpo/tpa/team/-/issues/40260): "TPA-RFC-11: SVN retirement", discussion ticket
+
+[issue 32025]: https://gitlab.torproject.org/tpo/tpa/team/-/issues/32025