half baked idea for further baking: "fedora-ugly" repo

Matthew Miller mattdm at fedoraproject.org
Thu Feb 13 19:09:04 UTC 2014

On Thu, Feb 13, 2014 at 05:25:57PM +0100, Miroslav Suchý wrote:
> >long time). This repo would provide an integration space where packages
> >from diverse COPRs repos could come together, and also be more
> >discoverable by other Fedora developers and users (just add one repo).
> What would be content? All Copr packages. I could not imagine who would
> wanted all of those weird packages.

I'm not sure if this is a question. No, it wouldn't be all Copr packages,
because as you say, that's probably not what people want.

> I would be ok with such soft policy as is in
> https://www.debian.org/doc/manuals/developers-reference/resources#s4.6.4
> (see end of section

The use case is different from that -- I think "software which is likely to
damage your system" should actually _stay out_ of this.

> >  - repo would be off by default, but easily enabled in yum or in Gnome
> >    Software
> Note that this would be possible soon with each individual Copr repository anyway by:
>   dnf copr enable msuchy/myproject
> https://git.fedorahosted.org/cgit/copr.git/tree/dnf-plugin/copr_hook.py
> (currently under development)

Also not the same, because here you have to know the Copr to begin with. 

> >  - packages would be signed, possibly by a different key from the main
> >    Fedora one.
> >  - signing could be automatic rather than manual
> This is not trivial! It would mean either rebuilds in Koji. Or setup
> another instance of Sigul, and if you do that you can set it up for
> Corp too. But both are quite tricky.

It's not trivial, but it doesn't require either of those things. I think a
signing server with less security than Sigul would be adequate, or else a
Sigul instance with more relaxed policies.

Matthew Miller    --   Fedora Project    --    <mattdm at fedoraproject.org>

More information about the env-and-stacks mailing list