On 2016-08-17 20:53, Jacco Ligthart wrote:
Hi Bjarne,
I'm back from holiday, so now I have some time to spend on RSEL.
That said, I no longer feel happy maintaining RSEL6, the two main
reasons being:
- I no longer have any machine running RSEL6 (all are migrated to
RSEL7 by now)
- I tried to upgrade RSEL6 to upstream version 6.8, but got next to no
feedback. Apparently nobody cares. Gordan did not even find the time
to sync it to the mirrors.
Apologies for this - my bad. :-(
I have now added a scheduled task to sync
jacco.ligthart.nu/Redsleeve6/Redsleeve6.8
down to the main FTP site.
Also, apologies for everything still being down to ftp-only.
Between work and family commitments I haven't had a chance to do
anything else recently. The old site was based on WordPress and I
got tired of emergency patching it every few weeks when a new
security hole gets identified. The plan was (and still is) to have
the WP site on a private subnet and do a flattened static export
to the main server, which with no server-side dyanmic components
should have no attack surface at all.
What you are asking below is IMHO effectively a patch to an already
outdated package, for which I don not even have the build environment
any more.
For RSEL7 I'm also not completely happy. A determined sysadmin can
install it on an system, but the process is not easy. I still hesitate
to build images, because I think the repositories are still not on
their final place.
True, this is an issue, particularly with repository syncing. The
discrepancy in part comes from the fact that building and signing
are separate steps in the process. Perhaps the way forward would be
to simplify the process. We put out a release package with your public
key, and skip the separation between staging and release where the
packages get re-signed.
That way the repositories take the shape of what is on
jacco.ligthart.nu/Redsleeve6/, and with these packages being
signed upstream, there is no extra process, just the rsync
down to distribute it to the mirrors.
Thoughts?
In short, Both for RSEL6 as for 7 I think we need to make some
agreements on who does what, where will stuff be located etc.
Agreed. What do you propose? Given that I no longer have any
RSEL6 or pre-ARMv7 machines in production, my ability to do
additional pre-release testing is pretty much gone, which
negates the usefulness of the extra pre-release and re-signing
step, so I think it makes sense to eliminate that step from
the process. I would be happy to pass the EL6 signing keys to
you so that any new packages will verify against the existing
release keys.
Gordan
_______________________________________________
users mailing list
[email protected]
https://lists.redsleeve.org/mailman/listinfo/users
