Atomic status

Colin Walters walters at verbum.org
Fri Jul 18 21:04:26 UTC 2014 

On Fri, Jul 18, 2014, at 04:48 PM, Matthew Miller wrote:
> 
> From when we last talked, I thought you were going to bring up this last
> one
> as a policy question on the Fedora Cloud list? But also from our
> discussion,
> it doesn't look like keeping even full history would be hugely
> significant
> -- 1.6GB over the lifetime, _worst case_.

It's hard to give good numbers without a crystal ball for what packages
are going to change unfortunately.  But I would feel comfortable with
saying just a few gigabytes.

> I also don't think that we need
> to
> have this answered urgently... it's something we need to know by October,
> right?

Right.

> Can you elaborate here? If I remember right we had discussed this as a
> release blocker but not necessarily an immediate blocker (for example,
> not
> all RPMs in F21 branch are currently signed.)

Having the OSTree commits be signed will allow offline verification and
fetching over untrusted HTTP.

I think this is blocked on a decision about whether Fedora's GPG signing
could do detached signatures.

I talked with Mark Cox from Red Hat SRT, and we successfully prototyped
detatched signatures, and Trevor Jay validated the code.  It would be
unfortunate to implement an entirely new codepath for inline signatures,
particularly because this would break the ability to sign *after*
committing without changing the content.

(Think "promote existing testing build to stable)

But it's not out of the question, it just needs a conversation with the
relevant people.
 
> I think this is just making the above mirror available to ImageFactory
> during install.

Yeah, additionally we need some equivalent of fedora-repo-rawhide.ks in
the spin-kickstarts which knows how to retrieve it.  Now that current
one is based on MirrorManager, which ends up blocking on that thread,
until we get content sync'd to something like dl.fedoraproject.org.
 
> Again, let me know if it would help to have someone focused on this and
> I'll
> see if I can find the right help.

This one is on my plate to figure out.

> Based on our conversations last week and earlier this week, I don't think
> it's really so dire that it comes to "double down", but this is the
> direction I'd like to continue in. It's important to Fedora Cloud, and
> it's
> important to F21 messaging overall.

Ok, thanks!

More information about the infrastructure mailing list