Some questions around coprs

Thu Dec 5 12:44:54 UTC 2013

We (FESCo) seemed to be fairly agreed on that point (wrt COPR) if we
can solve the technical issues that Kevin brought up in this thread.

> 
> I think signing must be done by the copr creator (personally).
> 
> As each copr repo is independently timed and created, I’d be OK
> with a frequently scheduled rsync that pulls all coprs and drops
> them into the master mirrors, for downstreams to pick up at will.
> Probably in the pub/alt tree please.  That will minimize the # of
> mirrors that are looking for them too.
> 

We don't want to do ALL COPRs. There will definitely be a hierarchy.
At the FESCo meeting, we had the general sense that we would only want
to allow a limited set that FESCo has approved be available in the
main repo.

> I think the purgatory problem is one for each copr to decide.  Some
> may be bleeding edge, some may be backports of good stuff that
> changes infrequently.
> 
> I’d say _/no/_ to the meta-repo, for exactly the above reasons, and
> so 2 coprs may conflict and/or compete.  That’s their right.
> 

Exactly; hence the need for a FESCo approval to elevate one repo to
"acceptable to have a repo-providing RPM in the main Fedora repositories".

> -- Matt Domsch Distinguished Engineer, Director Dell | Software
> Group
> 
> 
> 
> -----Original Message----- From:
> infrastructure-bounces at lists.fedoraproject.org 
> [mailto:infrastructure-bounces at lists.fedoraproject.org] On Behalf
> Of Kevin Fenzi
> 
> Sent: Wednesday, December 04, 2013 2:20 PM To:
> infrastructure at lists.fedoraproject.org Subject: Some questions
> around coprs
> 
> So, at todays fesco meeting there was some discussion about coprs. 
> http://meetbot.fedoraproject.org/meetbot/fedora-meeting/2013-12-04/fesco.2013-12-04-17.59.log.html#l-52
>
> 
> 
> In particular some folks want to be able to ship copr repo files in
> the main Fedora repository. This would allow users to easily
> install software from there without having to discover how to
> enable it.
> 
> However, copr packages are not signed or mirrored currently.
> 
> So, this brings up thoughts around if we can somehow sign them, and
> how we could mirror them, or even if we want to go down this road
> at all.
> 
> (as it seems like not a use case copr's was designed for anyhow).
> 
> So:
> 
> 1. Do we even want to persue this?
> 
> 2. If so, do we have any ideas how signing copr packages could
> work?
> 
> 3. Mirroring doesn't seem like it would be that hard, just rsync
> off the repos and push them out in our regular mirroring system.
> Could be a fair bit of churn tho, and there's no set schedule, so
> we would have to decide on frequency, etc.
> 
> 4. If coprs moves to being inside koji, could we at that point have
> a better time with these needs?
> 
> 5. Perhaps we could propose some kind if pergatory type setup
> between coprs (experemental, just builds, may set your house on
> fire, may update incompatibly every day) and fedora repository
> packages (with all the updates guidelines, reviews, etc).
> 
> Thoughts? comments?
> 
> Possibly related to this: I wonder if copr could grow a 'meta
> repo' that has all the repodata of all existing coprs. Then you
> could just enable one thing and be able to install any coprs?
> 
> kevin
> 
> 
> 
> _______________________________________________ infrastructure
> mailing list infrastructure at lists.fedoraproject.org 
> https://admin.fedoraproject.org/mailman/listinfo/infrastructure
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlKgdUYACgkQeiVVYja6o6PQsACfdcxttqo0tFG07TYDjUNP4YCv
5w0An1KlbvjEZLxSWU5H0pG6Go97EgZz
=26mQ
-----END PGP SIGNATURE-----