Public Announcment for Fedora Extras

Luke Macken lmacken at redhat.com
Fri May 19 21:18:31 UTC 2006


On Fri, May 19, 2006 at 04:32:25PM -0400, Josh Bressers wrote:
> > 
> > In Legacy we use the bugzilla number as the update ID.  I'm not entirely
> > sure how Fedora does it.  I think it may come from the update tool, and
> > if/when we move the update tool to be external and work for all Fedora
> > stuff then it would be easy to have uniques.
> > 
> 
> I was thinking about this just the other day.  There are two things that
> could work I think.  The first is to use the bugzilla ID.  This has the
> advantage of being unique and easy, but has the disadvantage of being a
> seemingly random number.

What about multiple bugs per update ?

> The second idea is how we did Core updates long long ago (well sort of).

The way Core updates were done long ago was a problem, and it has been
fixed via the update system.

> We put a file in our cvs repository that looks a bit like this
> 
> 2006-001
> 2006-002
> 2006-003
> <see if you can figure out what's next>
> 
> We then take one
> 
> 2006-001 some package
> 
> and commit the file.  It's important we remember to commit the file lest
> someone else steal it.  It prevents concurrency issues as only one person
> can commit at a time.
> 
> Ideally I think it would be best to have a directory layout as such
> 
> advisories/
>     ids
>     text/
>         2006-001
> 
> We could then write a script that we run with a package name.  It then
> modifies the ids file, adds a new skeleton file in text/ then runs
> cvs commit -m 'Create errata 2006-001'
> 
> Once we're happy with the errata text (multiple people can read/modify it),
> we run another command that magically mails it to the list in question, and
> makes a note in the ids file that it's been "pushed" along with the date.
> This would allow us to work on advisories before the packages are ready.
> 
> We could also then generate a sort of advisory index page for the project
> so when we find some web space somewhere, publishing our advisories is
> trivial.
> 
> If we ensure we note the bugs fixed in our errata it will also be possible
> to close the bugs automagically via our script.

The current update system already automatically generates and sends
advisory text, as well as automatic bug commenting/closing.

> Thoughts?

Seeing as how getting the update system out from under it's rock is
getting to be a pretty large priority, I'd hate to have us duplicate
this functionality for Extras/Legacy/Core.

Ideally, it would be nice to have a single system which can be used to
push core/extras/legacy updates and give us the ability to generate
project-wide statistics, and automate mailing list and bugzilla
interaction.

I jotted down some notes[0] a while back on making the current update
system more modular to be able to extend legacy and extras, but due to
classes/finals have been unable to implement it.  Thoughts?

luke

[0]: http://fedoraproject.org/wiki/Infrastructure/UpdateSystem




More information about the Fedora-security-list mailing list