On Thursday, October 31, 2019 7:04:47 AM EDT Aleksandra Fedorova wrote:
Following pingou's advice, adding ci(a)fedoraproject.org
On Wed, Oct 30, 2019 at 10:03 PM Ben Cotton <bcotton(a)redhat.com> wrote:
>
> (skipped)
>
> Note - I do not know *how* to add a run of the annocheck program to
> the Bodhi process. This change request is about asking that such a
> thing be added.
In this form I think it doesn't qualify as Fedora Change, so let's see
how we can rework it.
> * Proposal owners:
> In theory there is very little that I can do personally. I do not
> have the knowledge to change the Bodhi process myself, so I will have
> to rely upon someone else to do that. I am familiar with the annobin
> package however, so any changes that are needed to it I will be happy
> to make.
We have a similar check coming to Fedora Rawhide gating. It is called
rpminspect [1]. Check also the talk from Flock 2019 [2].
Tim Flink and David Cantrell are driving it, and afaik it is close to
being done: the Jenkins job is already up and running and we are
hooking it into the gating framework.
If I understand correctly, the setup for annocheck should be very
similar, so we can reuse most of the work done for rpminspect, with
only the content of the test being different.
There are several work items related to that: setup of a Jenkins job,
update of a Jenkins which is needed to migrate to a new Fedora
messaging infrastructure.
We can coordinate that via the Fedora CI SIG [3]; the next meeting is on
November 4th [4], by the way.
Maybe we can make it a joint effort and file one change for both
rpminspect and annocheck?

And one tangential question... will rpmfusion and others be held to this new
standard? Many of the multimedia parsers that round out the Fedora ecosystem
come from that repository. They also tend to have a lot of CVEs. I've
scanned a number of packages that handle untrusted content and the use of
protection mechanisms is really not up to par with the rest of Fedora.
-Steve