[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: June stable push ?



On 06/12/2009 09:29 AM, Ray Van Dolson wrote:
> On Fri, Jun 12, 2009 at 09:25:34AM -0700, Toshio Kuratomi wrote:
>> On 06/12/2009 09:07 AM, Ray Van Dolson wrote:
>>> I know we can do EL scratch builds on Koji now.  How close are we to
>>> having the entire update process managed through Koji/Bodhi?  This
>>> would make these monthly pushes unnecessary...
>>>
>> Actually... It wouldn't make the pushes unnecessary.  It would just
>> change what needs to be done in order to push.  Bodhi queues packages to
>> push.  Someone still has to go through and sign the packages in the
>> queue and tell Bodhi to push them out.
> 
> Ah, obviously I'm not familiar with that process.  I guess it's still
> manual?  It certainly happens more than once a month for Fedora.  Would
> an EPEL member need to be tasked with doing the signing and Bodhi
> interaction?
> 
Currently people want to keep the EPEL signing key and Fedora signing
key trusted users separate.  I think someone should be able to sign with
both the EPEL key and the Fedora key if they're trusted to do so by both
projects but it hasn't come to a point where someone wanted to sign for
both yet that I know.  If there's not enough EPEL signers, getting the
rel-eng people who do Fedora signing to also sign for EPEL is a
possibility but I think that should be explored once bodhi-EPEL
integration is done and we know if it's really where the bottleneck lies.

> Does the signer do some sort of manual inspection or QA that prevents
> this from being automated?
> 
They can.  (For EPEL, that might consist of checking whether the package
has seen enough time in testing, doesn't break API without reason, etc.)
 In Fedora there isn't much inspection done except around release time.
 However, the fact that someone has to type in a password to unlock the
signing key means that the process cannot be completely automated.

Also note that currently the Fedora Update process requires some amount
of babysitting as problems can occur during update that have to be fixed
and then the update resubmitted.

-Toshio

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]