Tape 014 - Clip 1
Vimeo_:
TranscriptText:
So this is much the same model that client eng is working on
right/and
So what Being interested in the same stabilization points and wanting to track
closely and all those other things is not the same as identity its not the same as
using that computer and that network connection and that disk drive as my source
tree....I dont know whos mending that machine dont know what their security
rules are mean dont know anything about it See
Youre talking about the state of the code and the development process and where
branches are hes talking about who has physical control of the machine who has
physical control of the network connection right
Heres why its interesting Because Im not willing to depend on you and your
machine..
LT Are you saying that client eng shouldnt depend on Mozilla.org in their machine
Thats right and the reason is Mozilla can go down for 12 hours and client eng
cannot Mozilla can be hacked and client eng cannot depend on machine that can
be hacked
LT Why not
Because its disruptive to their business They can make up their minds one
morning they need to spend
LT Lets solve the problem when we have it why..
Th7can
and have in the past wake up one morning and security fire drill fix
something now
LT Right
If Mozilla.org is down because it got hacked yesterday afternoon because they
dont have 24 by 7W support because no one can pay for it because it ends up
costing money because of any number of reasons
LT Isnt it just popping in to different sub net mean arent we talking..
No sorry
Page
ii
Netscape Documentary
Tape 14 3/10/98
Urn how does IBM pop it in to different sublet
LT What Im say..
No youre depending on the fact that Netscape owns Mozilla.org which is
something you should not do
LT Well you say its something should not do but Im not sure why
assert that that is critical to Mozilla.orgs success Failing to make that
assumption
think hes right but he wants to know why The reason is in order to get their
do iQ
jobMozilla has to be willing to serve the needs of IBM Adobe hacker hacker
hacker netscape and others
LT And think you can
Stop They set of priorities and importances that you need to do in order to solve
those peoples problems are very very different from the sets of priorities and
importances you need to do to solve CPDs problems And because of that you are
going to make decisions that will be very different One of them is things like 24
by support one of them is whether or not youre on the outside of the firewall
what kind of security walls you find necessary and how much energy youre
willing to put in to making sure your stuff is secure bla bla Because of that
somebody like CPD or IBM or Adobe or God knows who are going to find
themselves looking at machine that while its very interesting is not something that
they can depend upon to run their business 24 hours day days week Which
mean theyre gonna shadow it And they can shadow it your way Im happy but
the point is theyre gonna shadow it And come stabilization time theyre gonna
have guy whose job it is to understand the difference between my copy and the
stable thing Its gonna be his job Its gonna suck but. afl /7
LT Um and IBM with number of changes can do that but Netscape but with the
Number of changes that go into release. .one person cant keep that in their head
i1t o3
Page
Netscape Documentary
Tape 143/10/98
Just cant do it Ive been there Tom and ..theres just not anybody who can do
that
Hold it Im not saying ..do you want to treat branch on the Mozilla tree
LT And work on and have client eng work on the branch and...code the birds for
long enough period of time that somebodys responsible for getting it
back...putting the stuffing back together someday in the future and that just
doesnt..
They can be clones Every single checking can be clone on two pieces of
hardware if thats the way you want to manage it You can just raid the two
mean dont care how you do it But if the Box in Mozilla goes down wheres
CPD If they get hacked in in the middle of the night wheres CPB
LT CPDs got its tree closed which happens and we dont die from that and we get it
back up and its OK Lifes all right Weve had that happen before and life goes
on you work with it Im saying...youre adding something thats going to be very
expensive
No dont think so
LT Well thats where we disagree
JZ Heres where think...you guys sound like youre disagreeing more than you need
to be think something that would make Tom happy would be if there was copy
of the CVS repository on Mozilla.org inside the firewall that client eng works out of
and theres some process that maybe is even an automated process that
synchronizes those two you know every 24 hours or something
Just freakin close it dont care if thats the way you want to do it
LT ...theres time...then how do you poll and verify that your changes worked and
then youre verifying against two..then Mozilla.org has its build verification
process and it takes time. .0K so great..
You can only check in when Mozilla.org is up you can pull at any time
Page
Netscape Documentary
Tape 14 3/10/98
Then its just cache
Thats your right If you want to do it that way youre Netscape and you could
say the tree goes down thats fine with me go for it
dont see where that solves your probkm
LT Yeah..
IBM doesnt have to be...they can do whatever they damn well please They can
manage it the way they want to manage it
The problem is if you have fully live second repository somebody is in
integration....and if you dont have fully live repository then. .youre vulnerable
to...but it doesnt seem like theres any in between ground Youre either in
integration hell or youre vulnerable to the problems of using Mozilla.org ist
repository...
Or someone throws enough money at Mozilla.org to make it be as reliable as it was
inside the fire wall Maybe thats not even possible and its not clear that that
person..
...were going to be giving the ability to check code in to that machine to people
who we dont have any legal attachment to right so ...people who arent even in
the country right who we only know because.. s-n
And probably hack the machine to bits..
You can also hack the guys network who can check in code and snoop his
password and do something...the guys at the university..
LT So its an extra its what weve been describing as an extra right mean isnt that
the definition you put something out..
Do you know what marketing has been describing as an extranet that thing that
doesnt actually exist
guess really want to avoid such strong defense around that box that it becomes
difficult for people to use it
iro7 az3
Page
qcy Netscape Documentary
Tape 14 3/10/98
JZ Yes
LT Right agree with you and think we ought to take the risk think the downside
of the risk isnt that big if we have..
All right let me give you crystal ball Hi there Dave Rothschild here is
Mozilla.orgs machine Its CVS server blah here it is heres the IS behind it Its
over them in California and youve got some IS support of the following nature
blah Dave Rothschild is going to spend Nano seconds before hes gonna realize
need copy of that source code
LT Of course hes got copy of the source code ..everybody does its mirrored all
over the world right we cant serve CVS out of the world...reading out of that tree
anyway Were gonna have to have mirror..were going to have to be able to
mirror that thing anyway One CVS server cant support the world
What are we arguing about
Read only
LT No Im saying read only is something you can do if thats what you want to do in
order to make sure you never have integration problems mean how you want to
work on branches is your problem you ...there are parts of the software industry
where people have check in rules that you know weve never even discussed here
break
question is do we believe that were gonna tell Netscape that their source machine
is the same source machine as.. .-i ct
Mozilla.org cant tell Netscape anything All Mozilla.org can do is offer CVS
server Everything else is Netscapes problem
So the question is whats client eng gonna choose to do
Page
Netscape Documentary
Tape 14 3/10/98
Hold on one thing Mozilla can do is tell Netscape to go piss
off when they say we
need you to freeze the tree tomorrow we have security fire drill Mozillas gonna
say doesnt meet with our plans
LT You dont say every say freeze the tree we fix stuff on branches thats what we
do we go patch.
Ijust dont think theres anything Mozilla.org could do to change this problem
This problem exists..
LT Yes agree with that
MT All Mozilla.org can do is have source code thats available that people can make
changes to.
JZ think were not wearing our Mozilla.org hats in this meeting were trying to
figure out what client eng should do and that has ramifications on what Mozilla.org
does but
But its important to Mozilla to be able to say Netscape peculiarities in schedule
and Tuesday afternoon demand are not germane to what business we need to
accomplish in the next week..
LT But OK Netscape and Mozilla.org have common goal in those stabilizations
But they have lots of little goals too Theyre all over the map Theres million
things going on in that tree..
MT Netscape can always branch even if...were right on top of the Mozilla.org tree
we can always branch if our..
LT If the goal is to merge thats what branches are
for/tLL1
fr
JZ Branches handle this
right/and
So what Being interested in the same stabilization points and wanting to track
closely and all those other things is not the same as identity its not the same as
using that computer and that network connection and that disk drive as my source
tree....I dont know whos mending that machine dont know what their security
rules are mean dont know anything about it See
Youre talking about the state of the code and the development process and where
branches are hes talking about who has physical control of the machine who has
physical control of the network connection right
Heres why its interesting Because Im not willing to depend on you and your
machine..
LT Are you saying that client eng shouldnt depend on Mozilla.org in their machine
Thats right and the reason is Mozilla can go down for 12 hours and client eng
cannot Mozilla can be hacked and client eng cannot depend on machine that can
be hacked
LT Why not
Because its disruptive to their business They can make up their minds one
morning they need to spend
LT Lets solve the problem when we have it why..
Th7can
and have in the past wake up one morning and security fire drill fix
something now
LT Right
If Mozilla.org is down because it got hacked yesterday afternoon because they
dont have 24 by 7W support because no one can pay for it because it ends up
costing money because of any number of reasons
LT Isnt it just popping in to different sub net mean arent we talking..
No sorry
Page
ii
Netscape Documentary
Tape 14 3/10/98
Urn how does IBM pop it in to different sublet
LT What Im say..
No youre depending on the fact that Netscape owns Mozilla.org which is
something you should not do
LT Well you say its something should not do but Im not sure why
assert that that is critical to Mozilla.orgs success Failing to make that
assumption
think hes right but he wants to know why The reason is in order to get their
do iQ
jobMozilla has to be willing to serve the needs of IBM Adobe hacker hacker
hacker netscape and others
LT And think you can
Stop They set of priorities and importances that you need to do in order to solve
those peoples problems are very very different from the sets of priorities and
importances you need to do to solve CPDs problems And because of that you are
going to make decisions that will be very different One of them is things like 24
by support one of them is whether or not youre on the outside of the firewall
what kind of security walls you find necessary and how much energy youre
willing to put in to making sure your stuff is secure bla bla Because of that
somebody like CPD or IBM or Adobe or God knows who are going to find
themselves looking at machine that while its very interesting is not something that
they can depend upon to run their business 24 hours day days week Which
mean theyre gonna shadow it And they can shadow it your way Im happy but
the point is theyre gonna shadow it And come stabilization time theyre gonna
have guy whose job it is to understand the difference between my copy and the
stable thing Its gonna be his job Its gonna suck but. afl /7
LT Um and IBM with number of changes can do that but Netscape but with the
Number of changes that go into release. .one person cant keep that in their head
i1t o3
Page
Netscape Documentary
Tape 143/10/98
Just cant do it Ive been there Tom and ..theres just not anybody who can do
that
Hold it Im not saying ..do you want to treat branch on the Mozilla tree
LT And work on and have client eng work on the branch and...code the birds for
long enough period of time that somebodys responsible for getting it
back...putting the stuffing back together someday in the future and that just
doesnt..
They can be clones Every single checking can be clone on two pieces of
hardware if thats the way you want to manage it You can just raid the two
mean dont care how you do it But if the Box in Mozilla goes down wheres
CPD If they get hacked in in the middle of the night wheres CPB
LT CPDs got its tree closed which happens and we dont die from that and we get it
back up and its OK Lifes all right Weve had that happen before and life goes
on you work with it Im saying...youre adding something thats going to be very
expensive
No dont think so
LT Well thats where we disagree
JZ Heres where think...you guys sound like youre disagreeing more than you need
to be think something that would make Tom happy would be if there was copy
of the CVS repository on Mozilla.org inside the firewall that client eng works out of
and theres some process that maybe is even an automated process that
synchronizes those two you know every 24 hours or something
Just freakin close it dont care if thats the way you want to do it
LT ...theres time...then how do you poll and verify that your changes worked and
then youre verifying against two..then Mozilla.org has its build verification
process and it takes time. .0K so great..
You can only check in when Mozilla.org is up you can pull at any time
Page
Netscape Documentary
Tape 14 3/10/98
Then its just cache
Thats your right If you want to do it that way youre Netscape and you could
say the tree goes down thats fine with me go for it
dont see where that solves your probkm
LT Yeah..
IBM doesnt have to be...they can do whatever they damn well please They can
manage it the way they want to manage it
The problem is if you have fully live second repository somebody is in
integration....and if you dont have fully live repository then. .youre vulnerable
to...but it doesnt seem like theres any in between ground Youre either in
integration hell or youre vulnerable to the problems of using Mozilla.org ist
repository...
Or someone throws enough money at Mozilla.org to make it be as reliable as it was
inside the fire wall Maybe thats not even possible and its not clear that that
person..
...were going to be giving the ability to check code in to that machine to people
who we dont have any legal attachment to right so ...people who arent even in
the country right who we only know because.. s-n
And probably hack the machine to bits..
You can also hack the guys network who can check in code and snoop his
password and do something...the guys at the university..
LT So its an extra its what weve been describing as an extra right mean isnt that
the definition you put something out..
Do you know what marketing has been describing as an extranet that thing that
doesnt actually exist
guess really want to avoid such strong defense around that box that it becomes
difficult for people to use it
iro7 az3
Page
qcy Netscape Documentary
Tape 14 3/10/98
JZ Yes
LT Right agree with you and think we ought to take the risk think the downside
of the risk isnt that big if we have..
All right let me give you crystal ball Hi there Dave Rothschild here is
Mozilla.orgs machine Its CVS server blah here it is heres the IS behind it Its
over them in California and youve got some IS support of the following nature
blah Dave Rothschild is going to spend Nano seconds before hes gonna realize
need copy of that source code
LT Of course hes got copy of the source code ..everybody does its mirrored all
over the world right we cant serve CVS out of the world...reading out of that tree
anyway Were gonna have to have mirror..were going to have to be able to
mirror that thing anyway One CVS server cant support the world
What are we arguing about
Read only
LT No Im saying read only is something you can do if thats what you want to do in
order to make sure you never have integration problems mean how you want to
work on branches is your problem you ...there are parts of the software industry
where people have check in rules that you know weve never even discussed here
break
question is do we believe that were gonna tell Netscape that their source machine
is the same source machine as.. .-i ct
Mozilla.org cant tell Netscape anything All Mozilla.org can do is offer CVS
server Everything else is Netscapes problem
So the question is whats client eng gonna choose to do
Page
Netscape Documentary
Tape 14 3/10/98
Hold on one thing Mozilla can do is tell Netscape to go piss
off when they say we
need you to freeze the tree tomorrow we have security fire drill Mozillas gonna
say doesnt meet with our plans
LT You dont say every say freeze the tree we fix stuff on branches thats what we
do we go patch.
Ijust dont think theres anything Mozilla.org could do to change this problem
This problem exists..
LT Yes agree with that
MT All Mozilla.org can do is have source code thats available that people can make
changes to.
JZ think were not wearing our Mozilla.org hats in this meeting were trying to
figure out what client eng should do and that has ramifications on what Mozilla.org
does but
But its important to Mozilla to be able to say Netscape peculiarities in schedule
and Tuesday afternoon demand are not germane to what business we need to
accomplish in the next week..
LT But OK Netscape and Mozilla.org have common goal in those stabilizations
But they have lots of little goals too Theyre all over the map Theres million
things going on in that tree..
MT Netscape can always branch even if...were right on top of the Mozilla.org tree
we can always branch if our..
LT If the goal is to merge thats what branches are
for/tLL1
fr
JZ Branches handle this
