A proposal for Fedora updates

Sérgio Basto sergio at serjux.com
Mon Apr 20 16:11:50 UTC 2015


On Tue, 2015-03-31 at 23:53 +0100, Sérgio Basto wrote:
> On Tue, 2015-03-31 at 16:11 -0600, Kevin Fenzi wrote:
> > On Tue, 31 Mar 2015 10:55:38 +0200
> > Miroslav Suchý <msuchy at redhat.com> wrote:
> > 
> > > On 03/27/2015 01:49 PM, Kevin Fenzi wrote:
> > > > * releng person gathers list of pending update requests from bodhi.
> > > >   (a few minutes)
> > > > 
> > > > * releng person looks over list for anything out of the ordinary or
> > > >   off. (another few minutes)
> > > > 
> > > > * releng person tells sigul to sign that list of packages and write
> > > > out the signed ones in koji. The releng person talks to the sigul
> > > > bridge and the sigul vault (which is not reachable via ssh) talks
> > > > to the bridge.
> > > 
> > > A few minutes, but manual minutes. IIRC the rest of the process is
> > > automatic. Do we really need a human here? What can be extraordinary
> > > here? Even if I have that security incident years ago in my mind, I
> > > could not figure out why we need a human reviewing the list of
> > > packages to sign.
> > 
> > Well, fully automated processes are good at just doing what they are
> > told, and humans are good (sometimes) at spotting patterns, so I could
> > see a human catching something like an old, obviously not current
> > package being in the signing list, or some obvious bad version of an
> > existing package. Shrug.
> > 
> > We have been working on automated signing of rawhide, and this could
> > replace the humans elsewhere too, 
> 
> I vote for automated updates-testing with regular pushes (2
> times a day, for example)

And why do I think that pushes to updates-testing should be automated and
regular? Because some builds depend on other builds, and either we use
buildroot overrides or we wait for packages to be pushed to updates-testing,
and the second option is simpler. The problem is if the pushes stop for
some reason (holidays, weekends, etc.).


> > but we would want to make sure it has
> > checks and also lots and lots of reporting so humans can still see
> > something wrong and stop it from doing something bad. 
> > 
> > kevin
> > 
> 
> -- 
> Sérgio M. B.
> 

-- 
Sérgio M. B.


