Not to be a complainer, but are Bodhi updates being pushed again after the other week's events? Or is something still wrong/not yet checked with that part of the infrastructure? The queue seems to be as deep as I've ever seen it so far. Just curious...
- Alan
On Thu, Aug 28, 2008 at 02:47:46PM -0400, Alan Dunn wrote:
Not to be a complainer, but are Bodhi updates being pushed again after the other week's events? Or is something still wrong/not yet checked with that part of the infrastructure? The queue seems to be as deep as I've ever seen it so far. Just curious...
Plans are still being made and decided on about how to revoke the current gpg key used to sign RPMs. I think this has progressed to the point where the plan is set, and now they are starting to execute it.
josh
On Thu, 2008-08-28 at 14:47 -0400, Alan Dunn wrote:
Not to be a complainer, but are Bodhi updates being pushed again after the other week's events? Or is something still wrong/not yet checked with that part of the infrastructure? The queue seems to be as deep as I've ever seen it so far. Just curious...
- Alan
As part of the recover from the last few weeks' events, we have to introduce a new set of signing keys into Fedora. I'm currently re-signing all of the 8 and 9 content with these new keys so that we can make them available along with the new updates with the new key for these product lines. This is going to take some time due to the nature of how our signing works. It's also taken some times to hash out a good migration plan for users and start working on the documentation and the bits and pieces to make this happen. Expect to hear more about this in the next day or three.
Am Donnerstag, den 28.08.2008, 11:52 -0700 schrieb Jesse Keating:
On Thu, 2008-08-28 at 14:47 -0400, Alan Dunn wrote:
Not to be a complainer, but are Bodhi updates being pushed again after the other week's events? Or is something still wrong/not yet checked with that part of the infrastructure? The queue seems to be as deep as I've ever seen it so far. Just curious...
- Alan
As part of the recover from the last few weeks' events, we have to introduce a new set of signing keys into Fedora. I'm currently re-signing all of the 8 and 9 content with these new keys so that we can make them available along with the new updates with the new key for these product lines. This is going to take some time due to the nature of how our signing works. It's also taken some times to hash out a good migration plan for users and start working on the documentation and the bits and pieces to make this happen. Expect to hear more about this in the next day or three.
Can I ask if there will be a plan for how to push a critical package update out to users if this was to happen again?
By this I mean, package X has a critical security hole at the time of an infrastructure problem.
On Thu, 2008-08-28 at 21:19 +0200, nodata wrote:
Can I ask if there will be a plan for how to push a critical package update out to users if this was to happen again?
By this I mean, package X has a critical security hole at the time of an infrastructure problem.
"Whatever it takes" I think is the plan. More seriously we could spend weeks planning around each and every kind of failure that could happen, but I'm confident that we'll always find a way to get a critical update onto a public webserver should the need arise.
nodata wrote:
Can I ask if there will be a plan for how to push a critical package update out to users if this was to happen again?
By this I mean, package X has a critical security hole at the time of an infrastructure problem.
We can have processes that make this faster but unfortunately if the infrastructure problem is bad enough, there's no way we can push package X out until the problem is at least partially resolved.
ie: We have to have a trusted machine to build packages on. We have to have a trusted machine to sign packages on. If we have to rebuild all of the boxes then all we can do is prioritise getting those back online and having a process for quickly getting the new key in use on those machines.
-Toshio