Need some updates push changes
Jesse Keating
jkeating at redhat.com
Wed Nov 25 16:56:06 UTC 2009
On Wed, 2009-11-25 at 07:54 -0500, Josh Boyer wrote:
> On the signing front alone, there are a couple things we could do with some
> additional bodhi/koji work. The first is to have koji auto-sign everything. I
> think that is the best solution, but it's also the farthest off and I would
> rather not wait for that. Another idea is to have bodhi put packages in a
> special tag when they are requested for push and remove them once the push is
> complete. E.g.
>
> User A submits package for F12 updates-testing push. Bodhi queues it up like
> normal, and does the equivalent of 'koji tag-pkg f12-updates-testing-push'.
> When the push is complete, it untags the packages from said tags.
>
> Then I could actually run the sigul script on the tag instead of relying on
> bodhi to get me a list of packages that need signing. It would increase the
> time I have for signing as well, since bodhi won't give me the list of packages
> queued while a push is going on.
We also need to get some mitr time to make sigul run multithreaded.
We're far far underutilizing the hardware we allocated for this system.
As to the above, why can't we just sign everything in the various
*-updates-candidate tags? You'll wind up signing more than what is
going to be pushed, but since you're doing it frequently it'll not
matter as much. Since we are using only one key for F11 and F12
updates, this would accomplish all the signing needed for those trees.
--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/rel-eng/attachments/20091125/3cc9096d/attachment.bin
More information about the rel-eng
mailing list