"Action Items" From FUDCon?
Jeff Spaleta
jspaleta at gmail.com
Mon Jan 14 06:02:46 UTC 2008
On Jan 13, 2008 8:50 PM, Jeffrey Ollie <jeff at ocjtech.us> wrote:
> From what I know of CVS, this isn't possible from inside CVS and
> likely very difficult from outside CVS too. Basically, you'd have to
> set up a database outside CVS that would track the version (and maybe
> the MD5/SHA signature) of every file that koji used to build the SRPM.
> With this setup you could at least know if CVS had been messed with
> after Koji did the build.
Are you aware of what our cvs is set up to do right now? make srpm
basically provides the needed functionality in a checked out cvs tree.
For the purpose of recreating srpms for binaries we distribute
on-demand we just have to have tags we can trust corresponding to a
build we can trust. In discussion with infrastructure and release
people before it was brought up that it would be a good idea to have
koji re-tag back into cvs after a build to indicate it was a
releasable build and that it's a trivial change in how things are done.
-jef
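
The external tracking database described in the quoted message, sketched as an added example that is not part of either poster's message and is not koji's code: it snapshots the CVS revision and SHA-256 of every file in a checkout at build time and later reports any file that no longer matches. The function names are hypothetical, the sample checkout is constructed, and the `CVS/Entries` line layout (`/name/revision/timestamp/options/tag`) is the only CVS detail assumed.

```python
import hashlib, os, tempfile

def cvs_revisions(directory):
    """Map file name -> revision from CVS/Entries lines (/name/rev/timestamp/opts/tag)."""
    entries = os.path.join(directory, "CVS", "Entries")
    if not os.path.exists(entries):
        return {}
    with open(entries) as fh:
        fields = [line.split("/") for line in fh if line.startswith("/")]
    return {f[1]: f[2] for f in fields if len(f) >= 3}

def record_manifest(tree):
    """Snapshot taken at build time: relative path -> (CVS revision, SHA-256)."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(tree):
        if "CVS" in dirnames:
            dirnames.remove("CVS")  # do not descend into CVS metadata directories
        revs = cvs_revisions(dirpath)
        for name in sorted(filenames):
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, tree)] = (revs.get(name), digest)
    return manifest

def verify(tree, manifest):
    """Return (path, recorded, current) for every file that differs from the snapshot."""
    current = record_manifest(tree)
    paths = sorted(set(manifest) | set(current))
    return [(p, manifest.get(p), current.get(p)) for p in paths if manifest.get(p) != current.get(p)]

def demo():
    """Constructed sample: one spec file at revision 1.4, edited after the snapshot."""
    tree = tempfile.mkdtemp()
    os.mkdir(os.path.join(tree, "CVS"))
    with open(os.path.join(tree, "CVS", "Entries"), "w") as fh:
        fh.write("/example.spec/1.4/Mon Jan 14 06:02:46 2008//\nD\n")
    with open(os.path.join(tree, "example.spec"), "w") as fh:
        fh.write("Name: example\n")
    manifest = record_manifest(tree)   # what the build system would store externally
    clean = verify(tree, manifest)     # untouched tree: no discrepancies
    with open(os.path.join(tree, "example.spec"), "a") as fh:
        fh.write("Patch99: surprise.patch\n")  # content changes, Entries still says 1.4
    return clean, verify(tree, manifest)

if __name__ == "__main__":
    print(demo())
```

The changed file is flagged even though its recorded revision still reads 1.4, which is why the snapshot stores a content hash alongside the revision.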