Hi Gordan and Jacco.
>True, this is an issue, particularly with repository syncing. The >discrepancy in part comes from the fact that building and signing >are separate steps in the process Here is where Koji have its advantage. My koji installation signs the package automatically in the end of the build process. >We put out a release package with your public >key, and skip the separation between staging and release where the >packages get re-signed To be honest - if we ever get a QA team the above makes sense. But until then all packages should be build direct to release. If any faulty packages they can be withdrawn. Less secure, but if nobody steps up then this is purely a best-effort distribution [😊] >Agreed. What do you propose? Given that I no longer have any >RSEL6 or pre-ARMv7 machines in production, my ability to do >additional pre-release testing is pretty much gone, which >negates the usefulness of the extra pre-release and re-signing >step, so I think it makes sense to eliminate that step from >the process. I would be happy to pass the EL6 signing keys to >you so that any new packages will verify against the existing >release keys. If both you and Jacco only run/maintain RSEL7 I will be the only one running RSEL6 (and I have only spent time on compiling EPEL6 for armv5tel in my spare time and I am not finished yet fixing all the broken EPEL6 packages). I dont want to - dont have the time to, handle that job. So, maybe it is time for me to jump to the future and (RS)EL7. I have not spent time on EL7 but why not joining forces with the CentOS7 arm team? Is there any problem with that? BR, Bjarne Sendt fra Outlook<http://aka.ms/weboutlook>
_______________________________________________ users mailing list [email protected] https://lists.redsleeve.org/mailman/listinfo/users
