At the Tor Project, we're always on the lookout for opportunities to contribute back to the communities around the platforms and tools we depend on to keep the lights on. Puppet and Debian are two such projects, so we're happy to announce that the upcoming Debian stable release, codename bookworm, will deliver an up-to-date suite of Puppet software thanks to the efforts of the Tor Project!
A year ago, TPA (AKA Tor Project sysadmin Team) started planning an upgrade of our fleet of nearly 100 Debian machines to the latest stable release, bullseye. One item of concern was that not only were the Puppet packages in Debian bullseye already nearly end-of-life (version 5.5), but the PuppetDB package was also now missing entirely from the distribution. At this point it seemed the only feasible option would be to migrate our entire Puppet infrastructure to the vendor-supplied packages.
So why not switch over to the upstream Puppetlabs packages and call it a day? Essentially, because deploying software directly from vendors is not a decision we take lightly, and because Puppet is such a core component of our infrastructure, this called for careful consideration.