Speaker Deck

Outsourcing your webapp maintenance to Debian

by Francois Marier

Published August 29, 2014 in Programming

Today's web applications often have a lot of external dependencies. Start off with a basic framework, sprinkle a couple of handy modules and finish with a generous serving of JavaScript front-end libraries.

What you end up is a gigantic mess of code from different sources which follow very different release schedules and policies. Language-specific package managers can automate much of the dependency resolution and package installation, but you're on your own in terms of integration and quality assurance. Also, the minute you start distributing someone else's code with your project, you become responsible for the security of that third-party code.

We moved away from statically-linked C/C++ programs a long time ago and now (mostly) live in a nicely-packaged shared library world. Can we leverage the power of Debian (i.e. the great work of the package maintainers and security team) to similarly reduce the burden of those who end up having to maintain our webapps?

This talk will examine the decision that the Libravatar project made to outsource much of its maintenance burden to Debian by using system packages for almost everything.