On Wed, 2009-11-25 at 07:54 -0500, Josh Boyer wrote:
On the signing front alone, there are a couple things we could do
with some
additional bodhi/koji work. The first is to have koji auto-sign everything. I
think that is the best solution, but it's also the farthest off and I would
rather not wait for that. Another idea is to have bodhi put packages in a
special tag when they are requested for push and remove them once the push is
complete. E.g.
User A submits package for F12 updates-testing push. Bodhi queues it up like
normal, and does the equivalent of 'koji tag-pkg f12-updates-testing-push'.
When the push is complete, it untags the packages from said tags.
Then I could actually run the sigul script on the tag instead of relying on
bodhi to get me a list of packages that need signing. It would increase the
time I have for signing as well, since bodhi won't give me the list of packages
queued while a push is going on.
We also need to get some mitr time to make sigul run multithreaded.
We're far far underutilizing the hardware we allocated for this system.
As to the above, why can't we just sign everything in the various
*-updates-candidate tags? You'll wind up signing more than what is
going to be pushed, but since you're doing it frequently it'll not
matter as much. Since we are using only one key for F11 and F12
updates, this would accomplish all the signing needed for those trees.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca:
http://identi.ca/jkeating