On Sun, 24 Jun 2012, David Hrbáč wrote:
Dne 24.6.2012 03:45, Nico Kadel-Garcia napsal(a):
A better question, perhaps, is "how can we best help" ?
Nico's right. We know the issue and even the solution. We need to come
up with a new build infra and workflow to build, test, sign and push. We
can create something like "two or more sign-offs are ok" to sign and
push a new package in the wild.
Indeed. The aim is to have a new repository (repoforge) and signature that
is managed by more than one person so that existing users can make the
deliberate choice from 'trusting me' to 'trusting the project'.
But that raises more than one question:
- who is to be trusted
- what infrastructure to be used
- project governance
- who has the time to help with this
I know that I am responsible for the lack and delay of updates at times
(clamav is not a good example) but I am not the sole responsible of this
project not moving to a new and better infrastructure and into a better
governed project.
Another point to raise, all SPEC files and changes are available, so
anyone with the time and energy to improve any process is welcome to do
so. There is no special sauce or machinery keeping you from doing what
this project is doing. If this works well, we can switch to this new
infrastructure.
One of the things mentioned several times was a repoclosure job that would
send repoclosure problems to the packagers list to identify and fixes
dependency problems. Anyone can do that already and start fixing issues.
--
-- dag wieers, [email protected], http://dag.wieers.com/
-- dagit linux solutions, [email protected], http://dagit.net/
[Any errors in spelling, tact or fact are transmission errors]
_______________________________________________
users mailing list
[email protected]
http://lists.repoforge.org/mailman/listinfo/users
