I'm seeing some agreement in the discussion as to what main
"user-visible" services are needed, where I'd order from highest
priority to lowest:

1.  SCM 

   - CVS for now

   - discussion of alternatives to come.

     I have set up Darcs, Git, and Mercurial repositories out of CVS
     (I should make tarballs for them); I'll see about publishing
     copies of these in the interests of letting people fiddle with
     them to see how they like them.  SVN, too.

2.  Mailing list manager 

    Mailman seems an uncontroversial choice

3.  A bug tracker

    A highly integrated option seems out of scope at the moment, when
    still on CVS.

    The only highly integrated option I'm aware of is TRAC, which
    would imply use of SVN and which would also become the web site
    content system.

    If we borrowed access to the CMD Bugzilla instance, that could
    ultimately share things with PostgreSQL proper, and would be one
    fewer servers that need to get set up.  I'd be happy with that.

4.  Web site content system

    Initially, this should simply be Apache with a few files worth of
    "glue."

    But it would be good to then pick some CMS system, whether that be
    biased towards Wiki or blog, which would mean that we'd not have
    mouldering sets of directories with increasingly busted sets of
    HTML files...

    There are a lot of potential choices, alas, and plenty of
    opportunity for controversy to rage on the basis of which
    scripting languages you love/hate (PHP and Perl, particularly).

    It would be an excellent thing for a system chosen to be
    DB-driven, so that having a Slony-I-driven replica would be a
    sample application.

There are further needful services that aren't so user-visible:

5.  Backups of ALL of the above being available; we have 3 clear
    volunteers to back these up in a distributed fashion, which seems
    to me to cover redundancy fairly nicely.

    One challenge is in making it easy to recover this; Vivek pointed
    out the idea of running this in a virtual machine (plausible with
    either Xen or VMWare), so that one could backup the entire
    "machine" with relative ease.

    The other approach would be to use a Linux distribution that is
    highly "packageized" (e.g. - Debian, Ubuntu, Fedora) where all
    extensions would be installed as packages, making it fairly easy
    to replicate system configuration.

    In any case, having rsync/scp access to all the relevant data and
    application configuration, and giving that access to the
    volunteers, is good coverage of backups.

6.  Perhaps some sort of DNS management diversity

    If there's only one server, there's not much value in having
    diverse managers of nameservers.

    But making sure that more than one party can manage nameservers
    would allow shifting this, in a pinch.  The recent troubles with
    PG DNS would be nice to avoid...

7.  Something resembling 7x24 support

    We obviously have recently seen a lack of that.

    If all that the Slony-I host provides, as services, are:
     a) CVS
     b) Mailman
     c) Perhaps NOT a bug tracker
     d) Apache with access to certain filesystems,

    I daresay that I could pretty much recreate that configuration in
    a couple hours from scratch, which would include rummaging around
    for a boot image to get a computer up and running.

    If the components are relatively pedestrian, and none involve
    particularly "deviant" configuration, then there's little that can
    go wrong, and "scrape off and rebuild from remote backups"
    represents a perfectly reasonable disaster recovery plan.
    Andrew's requirements that there be at least 2 people with
    knowledge+access privileges+authority to repair a service is
    easily achieved.

    At the other end of the spectrum, a complex Drupal instance
    combined with Apache virtual hosts could be a big pain to recover.
    Complex web apps that mix together a combination of config tables
    in a database, XML files hiding somewhere, as well as other
    text-based configuration, can easily leap into the "only <Ms. Foo>
    can fix that" scenario.

    It doesn't make sense to leap into any of that without an option
    that *three* parties can support, which is probably CMD staff,
    Afilias staff, and (for European representation) Stefan
    Kaltenbrunner.

    It may appear anti-democratic, but it seems reasonable to argue
    that what is reasonably supportable depends on what those three
    parties can agree on.  It's not to say that others shouldn't be
    heard, but what's supportable does depend on the people doing the
    supporting...
-- 
"cbbrowne","@","ca.afilias.info"
<http://dba2.int.libertyrms.com/>
Christopher Browne
(416) 673-4124 (land)