half baked idea for further baking: "fedora-ugly" repo
Matthew Miller
mattdm at fedoraproject.org
Thu Feb 13 19:09:04 UTC 2014
On Thu, Feb 13, 2014 at 05:25:57PM +0100, Miroslav Suchý wrote:
> >long time). This repo would provide an integration space where packages
> >from diverse COPRs repos could come together, and also be more
> >discoverable by other Fedora developers and users (just add one repo).
> What would be content? All Copr packages. I could not imagine who would
> wanted all of those weird packages.
I'm not sure if this is a question. No, it wouldn't be all Copr packages,
because as you say, that's probably not what people want.
> I would be ok with such soft policy as is in
> https://www.debian.org/doc/manuals/developers-reference/resources#s4.6.4
> (see end of section 4.6.4.3)
The use case is different from that -- I think "software which is likely to
damage your system" should actually _stay out_ of this.
> > - repo would be off by default, but easily enabled in yum or in Gnome
> > Software
> Note that this would be possible soon with each individual Copr repository anyway by:
> dnf copr enable msuchy/myproject
> https://git.fedorahosted.org/cgit/copr.git/tree/dnf-plugin/copr_hook.py
> (currently under development)
Also not the same, because here you have to know the Copr to begin with.
> > - packages would be signed, possibly by a different key from the main
> > Fedora one.
> > - signing could be automatic rather than manual
> This is not trivial! It would mean either rebuilds in Koji. Or setup
> another instance of Sigul, and if you do that you can set it up for
> Corp too. But both are quite tricky.
It's not trivial, but it doesn't require either of those things. I think a
signing server with less security than Sigul would be adequate, or else a
Sigul instance with more relaxed policies.
--
Matthew Miller -- Fedora Project -- <mattdm at fedoraproject.org>
More information about the env-and-stacks
mailing list