Delays in package processing
Ralf Corsepius
rc040203 at freenet.de
Thu Dec 20 06:12:49 UTC 2007
On Thu, 2007-12-20 at 05:39 +0100, Michael Schwendt wrote:
> On Wed, 19 Dec 2007 14:55:51 -0500, Tom "spot" Callaway wrote:
>
> >
> > On Wed, 2007-12-19 at 11:52 -0800, Bryan O'Sullivan wrote:
> >
> > > Is the package signing step done by hand? That's been my understanding,
> > > but maybe I'm missing something. It reminds me of Sigourney Weaver's
> > > role in "Galaxy Quest": a seemingly needless insertion of people into
> > > the process.
> > >
> > > If so, why? Can we switch to an automated process?
> >
> > It is currently a manual process, and Jesse Keating has been working for
> > some time to make an open source signing server that will work for
> > Fedora's infrastructure needs but also be useful for anyone.
>
> A signing-server doesn't fix everything. It may help with the security
> implications of giving away the key password as was done for Extras. But
> hoping for much more frequent or automated pushes of non-critical updates
> would be insane.
Isn't testing what is supposed to implement the "delay queue", which is
what you seem to be asking for.
> Releasing new repodata and new packages too often would
> make the repositories a moving target for all mirrors. The updates
> repository is continuously flooded with version upgrades, which move
> farther away from the tested gold release of the distribution only to
> break due to new bugs, which then require further updates.
At the same time Fedora+updates is suffering from bugs not receiving
fixes in reasonable time.
To put it bluntly:
* As a packager, I feel strangled by current release practice.
* As a user I am gradually feeling annoyed by seeing bugs not getting
fixed.
* If I were still a "low bandwidth user" I would quit Fedora now,
because updates are being pushed in "big chunks" blocking internet
access for hours once a week, instead of being fed with "small chunks"
in shorteŕ intervals.
Ralf
More information about the fedora-devel-list
mailing list