Secondary ARCH

Dennis Gilmore dennis at ausil.us
Thu Mar 8 22:42:14 UTC 2007


On Thursday 08 March 2007 04:19:23 pm Bill Nottingham wrote:
> Mike McGrath (mmcgrath at redhat.com) said:
> > >I think this is a good start.  I'm a little concerned with how we ensure
> > >that what they put up as "Fedora" stuff is actually Fedora stuff,
> > >generated legally, securely, etc...  We haven't really had to think on
> > >this before because we only put up what we generate, now we're going to
> > >put up what somebody else generates from a different system.  Just
> > >something that will keep me up at night.
> >
> > I'd say the same way we do it now, bugzilla.
> > (https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224627) for
> > example.  We have ultimate control to remove something if we need to.
>
> I think what he's asking is do we have the resources to *review* that
> stuff is built from the same/similar sources, etc.
>
> Bill

the goal is to have the secondary arch buildsys pull from fedora cvs.  we 
could make sure that we have root access to all build systems so we can spot 
check and make sure they have not pointed the buildsys at a different SCM we 
could do diffs on the SRPMS from secondary archs and primary archs.  
Secondary arch SRPMS  must match primary arch ones.  any patches they need 
must get put in to cvs and build across all archs

-- 
Dennis Gilmore, RHCE




More information about the advisory-board mailing list