[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: make force-tag gone

On Tue, 2008-09-09 at 09:46 -0700, Jesse Keating wrote:
> On Tue, 2008-09-09 at 18:03 +0200, Denis Leroy wrote:
> > 
> > There's no logic here. You're not forcing people to tag after every CVS 
> > check-in, as far as I know. If a release 'n' fails to build (for 
> > example, because you forgot to check-in a patch), it makes zero sense to 
> > bump to n+1, because release 'n' never *existed* in the first place, 
> > since it was never built. That has zero impact over auditing. Spec file 
> > auditing is done through CVS.
> The audit part is something of a red herring.  The GPL compliance part
> is what is bothersome.  If we want to save archive space by relying on
> re-generating srpms of shipped binaries on demand, we need to ensure
> that CVS tags don't change over time.  For better or worse, we build
> from CVS tags, so to get the source that matched the build, we have to
> checkout via CVS tags.  If those tags can change over time, the trust
> level is gone.  That's why there is a push to make the tags immutable,
> or at least the successfully built tags immutable.
> Personally I just want to move off of CVS and off of building from tags,
> and instead build from something inherently immutable, like the shasum
> of the repo at a given time.
> MikeB said that he'd look into some CVS/make changes that would allow
> checking koji for an on going or successful build of a tag/n-v-r before
> allowing a force-tag.  This would allow folks to force-tag before having
> a successful build, but would not allow you to force the tag after a
> successful build, or while a build is still going with that n-v-r.
> I think this approach, while it may slow down force-tags and prevent
> force-tags during any koji outage, will give us the best of both worlds.



Simo Sorce * Red Hat, Inc * New York

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]