We can have processes that make this faster but unfortunately if the infrastructure problem is bad enough, there's no way we can push package X out until the problem is at least partially resolved.Can I ask if there will be a plan for how to push a critical package update out to users if this was to happen again? By this I mean, package X has a critical security hole at the time of an infrastructure problem.
ie: We have to have a trusted machine to build packages on. We have to have a trusted machine to sign packages on. If we have to rebuild all of the boxes then all we can do is prioritise getting those back online and having a process for quickly getting the new key in use on those machines.
Description: OpenPGP digital signature