Page MenuHomePhabricator
Create Task
Maniphest T213996

New MongoDB version is not DFSG-compatible, dropped by Debian
Closed, ResolvedPublic
Actions

Description

As a consequence of MongoDB switching to Server Side Public License 1.0, Debian decided that they won't be allowing it in their main repo. It also means that they might not be able to provide security fixes for older, DFSG-compatible versions. Currently, we're using MongoDB in 2 places:

  • EventLogging
  • xhgui

We don't have to do anything right now, but in the long term, we have several options:

  • Hope that SSPL 2.0 will be a free software license.
  • Use SSPL licensed packages from the vendor. This would require legal approval (and this license is even more restrictive than AGPL which we discussed in wikitech-l and general opinion was that it's not very good for us).
  • Use old packages until they're out of support. Then maybe someone comes up with a viable fork.
  • Stop using MongoDB.

Details

SubjectRepoBranchLines +/-
Remove unused python-pymongo from eventlogging::dependenciesoperations/puppetproduction+0 -1
Customize query in gerrit

Related Objects

Event Timeline

MaxSem created this task.Jan 17 2019, 2:04 AM
Restricted Application added a project: Analytics. · View Herald TranscriptJan 17 2019, 2:05 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
MaxSem mentioned this in T206152: Set up request debug profiling for PHP 7.Jan 17 2019, 2:06 AM
Peachey88 added a project: Software-Licensing.Jan 17 2019, 2:06 AM
MaxSem updated the task description. (Show Details)Jan 17 2019, 2:15 AM
Legoktm subscribed.Jan 17 2019, 2:20 AM

SSPL v2 is not substantially different, and IMO the perspective on the OSI's license-review wasn't very different from v1. I think it would be valuable to at least start planning on how to get rid of our MongoDB dependencies...

Krinkle subscribed.EditedJan 17 2019, 3:55 AM

XHGui is scheduled to be migrated from tungsten (Jessie; Mongo 2.4.10) to webperf1002 (Stretch). deployment-webperf12 in Beta currently has this partly provisioned already and via there I confirmed that our Stretch repo provides Mongo 3.2.11.

Ref T180761.

CDanis triaged this task as Medium priority.Jan 17 2019, 4:51 PM
Jdforrester-WMF subscribed.Jan 17 2019, 4:56 PM
mforns subscribed.Jan 17 2019, 6:05 PM

We do not use MongoDB in EventLogging production. Thanks for the heads up. Removing EventLogging and Analytics.

mforns removed projects: Analytics, MediaWiki-extensions-EventLogging.Jan 17 2019, 6:05 PM
mforns moved this task from Incoming to Radar on the Analytics board.Jan 17 2019, 6:13 PM
mforns added a project: Analytics.
MaxSem added a comment.Jan 17 2019, 6:50 PM

@mforns, so you don't need python-pymongo installed in eventlogging::dependencies?

Ottomata subscribed.Jan 17 2019, 6:50 PM

nope! def not. must be some super legacy thang.

gerritbot subscribed.Jan 17 2019, 6:52 PM

Change 485080 had a related patch set uploaded (by Ottomata; owner: Ottomata):
[operations/puppet@production] Remove unused python-pymongo from eventlogging::dependencies

https://gerrit.wikimedia.org/r/485080

gerritbot added a project: Patch-For-Review.Jan 17 2019, 6:52 PM
gerritbot added a comment.Jan 17 2019, 6:56 PM

Change 485080 merged by Ottomata:
[operations/puppet@production] Remove unused python-pymongo from eventlogging::dependencies

https://gerrit.wikimedia.org/r/485080

MoritzMuehlenhoff subscribed.Jan 17 2019, 7:09 PM
zhuyifei1999 subscribed.Jan 17 2019, 7:46 PM
Krinkle updated the task description. (Show Details)Jan 17 2019, 8:37 PM
Nuria removed a project: Analytics.Jan 17 2019, 8:37 PM
Krinkle removed a project: Patch-For-Review.Jan 17 2019, 8:39 PM
Legoktm added a project: VisualEditor.Jan 18 2019, 1:45 AM

The VisualEditor "rebaser" has some code/config related to mongodb: https://gerrit.wikimedia.org/g/VisualEditor/VisualEditor/+/cd8bf3e48b0d6f67333e2317afca4ade1829dca8/rebaser/config.dev.yaml (found via codesearch)

Krinkle updated the task description. (Show Details)Jan 22 2019, 8:51 PM
Krinkle updated the task description. (Show Details)
Krinkle moved this task from Inbox, needs triage to Radar on the Performance-Team board.Jan 22 2019, 9:19 PM
Krinkle edited projects, added Performance-Team (Radar); removed Performance-Team.
Krinkle moved this task from Limbo to Watching on the Performance-Team (Radar) board.
MaxSem updated the task description. (Show Details)Jan 22 2019, 9:26 PM
Krinkle updated the task description. (Show Details)Mar 5 2019, 3:24 PM
JTannerWMF moved this task from To Triage to External and Administrivia on the VisualEditor board.Mar 12 2019, 3:34 PM
Legoktm moved this task from Backlog to Non-free content on the Software-Licensing board.May 22 2019, 3:49 AM
Krinkle added a comment.May 22 2019, 6:53 PM

Meanwhile, over on the OSI license-review mailing list (March 2019 summary):

Lukas Atkinson wrote:

Eliot Horowitz announces that MongoDB retracts the SSPL from the OSI
approval process, citing a lack of community support as a reason.

Given we haven't heard any announcement from MongoDB to suggest a reconsideration of their license, this presumably means that for the foreseeable future MongoDB will stick with their new license, and continue without Debian support or OSI approval. I suppose it was worth a shot :)

Krinkle added a comment.May 22 2019, 6:55 PM

From the XHGui side, a refactor has landed that decouples it from the MongoDB backend, adding PHP-PDO support through which many different backends can be plugged in.

This refactor has landed in upstream master (though not yet released). Let's assume for now that this will provide an upgrade path by the time Debian Stretch goes EOL in 2020.

Krinkle closed this task as Resolved.May 22 2019, 6:56 PM
Krinkle claimed this task.

Closing for now as migration from MongoDB isn't in scope for this task and not something we need to do short-term.

Restricted Application added a project: User-Ryasmeen. · View Herald TranscriptMay 22 2019, 6:56 PM
Gacelperfinian mentioned this in T272111: Elasticsearch, a CirrusSearch dependency, is switching to SSPL/Custom licence.Jan 15 2021, 1:21 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL