On 2016-08-18 18:32, Bjarne Saltbæk wrote:
Hi Gordan and Jacco.
True, this is an issue, particularly with repository syncing. The
discrepancy in part comes from the fact that building and signing
are separate steps in the process
Here is where Koji have its advantage. My koji installation signs the
package automatically in the end of the build process.
Indeed, but my big ARM machine is internet facing, and I am not
entirely comfortable keeping the signing keys on a machine that
isn't air gapped.
We put out a release package with your public
key, and skip the separation between staging and release where the
packages get re-signed
To be honest - if we ever get a QA team the above makes sense. But
until then all packages should be build direct to release. If any
faulty packages they can be withdrawn.
Less secure, but if nobody steps up then this is purely a best-effort
distribution
Indeed, that is exactly what I was saying.
Agreed. What do you propose? Given that I no longer have any
RSEL6 or pre-ARMv7 machines in production, my ability to do
additional pre-release testing is pretty much gone, which
negates the usefulness of the extra pre-release and re-signing
step, so I think it makes sense to eliminate that step from
the process. I would be happy to pass the EL6 signing keys to
you so that any new packages will verify against the existing
release keys.
If both you and Jacco only run/maintain RSEL7 I will be the only one
running RSEL6 (and I have only spent time on compiling EPEL6 for
armv5tel in my spare time and I am not finished yet fixing all the
broken EPEL6 packages). I dont want to - dont have the time to, handle
that job.
So, maybe it is time for me to jump to the future and (RS)EL7.
I'm in the same boat, I haven't had a chance to touch anything
RSEL related in weeks. :-(
I think there is a lot of value in having an automated system
churning out package updates as and when they appear upstream.
Even if there are FTBFS packages, if we have a list of those
somewhere visible, then whoever from the community needs them
can step up and fix them.
I've been thinking about this a lot and the more I think about
it the more I am leaning toward putting everything on github.
I have not spent time on EL7 but why not joining forces with the
CentOS7 arm team? Is there any problem with that?
It is already happening to a large extent. They took a whole
bunch of Jacco's patches to fix various EL7 FTBFS issue on ARM
a while back, and since CentOS is effectively our upstream for
EL7, we are benefiting from any fixes they apply.
Gordan
_______________________________________________
users mailing list
[email protected]
https://lists.redsleeve.org/mailman/listinfo/users
