Updates being pushed?
Toshio Kuratomi
a.badger at gmail.com
Thu Aug 28 19:34:48 UTC 2008
nodata wrote:
>
> Can I ask if there will be a plan for how to push a critical package
> update out to users if this was to happen again?
>
> By this I mean, package X has a critical security hole at the time of an
> infrastructure problem.
>
We can have processes that make this faster but unfortunately if the
infrastructure problem is bad enough, there's no way we can push package
X out until the problem is at least partially resolved.
ie: We have to have a trusted machine to build packages on. We have to
have a trusted machine to sign packages on. If we have to rebuild all
of the boxes then all we can do is prioritise getting those back online
and having a process for quickly getting the new key in use on those
machines.
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20080828/f9aaf330/attachment.bin
More information about the devel
mailing list