On 03/27/2017 11:54 AM, Alan Pevec wrote: >> We've also packaged all the components; at this point the image does not use >> pip or git to build the image. > > Excellent milestone on the path to SF productization! I wonder though > where are package reviews happening?
Well we didn't made formal package review, just created all the distgit (about 50) on softwarefactory-project.io gerrit. > Legal requirements we got, is to have a public package review for at > least licensing and crypto check. > With the standard packaging tooling (fedora-review) still requiring > Bugzilla ticket that means having Package Review BZ open. In RDO we > have per-release trackers e.g. Ocata > https://bugzilla.redhat.com/show_bug.cgi?id=RDO-OCATA > Since SF is not using Bugzilla, we could host those formal reviews in > RDO/PackageReview component, linked under a separate tracker. > Other option is to make fedora-review work with Gerrit and run > automated part as a check job on package imports. > > Cheers, > Alan > Ideally we would prefer doing the legal checks through gerrit review indeed, and I assume it's a requirement for centos SIG packages right? I guess the next step is to address epel dependencies[0] and bump the productivity sig request[1] to start proposing those packages to cbs directly. -Tristan [0]: https://softwarefactory-project.io/etherpad/p/sf-epel-req [1]: https://lists.centos.org/pipermail/centos-devel/2016-December/015447.html
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Softwarefactory-dev mailing list [email protected] https://www.redhat.com/mailman/listinfo/softwarefactory-dev
