A proposal for Fedora updates
Miroslav Suchý
msuchy at redhat.com
Tue Mar 31 08:55:38 UTC 2015
On 03/27/2015 01:49 PM, Kevin Fenzi wrote:
> * releng person gathers list of pending update requests from bodhi.
> (a few minutes)
>
> * releng person looks over list for anything out of the ordinary or
> off. (another few minutes)
>
> * releng person tells sigul to sign that list of packages and write out
> the signed ones in koji. The releng person talks to the sigul bridge
> and the sigul vault (which is not reachable via ssh) talks to the
> bridge.
Few minutes, but manual minutes. IIRC rest of the process is automatic.
Do we really need human here? What can be extraordinary here? Even if I have that security incident years ago in my
mind, I could not figure out why we need human reviewing list of packages to sign.
--
Miroslav Suchy, RHCE, RHCDS
Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys
More information about the devel
mailing list