Need some updates push changes

Jesse Keating jkeating at redhat.com
Wed Nov 25 18:43:32 UTC 2009 

On Wed, 2009-11-25 at 13:42 -0500, Josh Boyer wrote:
> On Wed, Nov 25, 2009 at 08:56:06AM -0800, Jesse Keating wrote:
> >On Wed, 2009-11-25 at 07:54 -0500, Josh Boyer wrote:
> >> On the signing front alone, there are a couple things we could do with some
> >> additional bodhi/koji work.  The first is to have koji auto-sign everything.  I
> >> think that is the best solution, but it's also the farthest off and I would
> >> rather not wait for that.  Another idea is to have bodhi put packages in a
> >> special tag when they are requested for push and remove them once the push is
> >> complete.  E.g.
> >> 
> >> User A submits package for F12 updates-testing push.  Bodhi queues it up like
> >> normal, and does the equivalent of 'koji tag-pkg f12-updates-testing-push'.
> >> When the push is complete, it untags the packages from said tags.
> >> 
> >> Then I could actually run the sigul script on the tag instead of relying on
> >> bodhi to get me a list of packages that need signing.  It would increase the
> >> time I have for signing as well, since bodhi won't give me the list of packages
> >> queued while a push is going on. 
> >
> >We also need to get some mitr time to make sigul run multithreaded.
> >We're far far underutilizing the hardware we allocated for this system.
> >
> >As to the above, why can't we just sign everything in the various
> >*-updates-candidate tags?  You'll wind up signing more than what is
> >going to be pushed, but since you're doing it frequently it'll not
> >matter as much.  Since we are using only one key for F11 and F12
> >updates, this would accomplish all the signing needed for those trees.
> 
> Aside from the time and koji storage, I see no real issues.  I was going
> to try that next week.  I'll let you know how it goes.
> 
> josh

Koji storage would be a good test, as it's a small flavor of
"automatically sign everything" which is an approved proposal.

-- 
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/rel-eng/attachments/20091125/16da23ff/attachment.bin

More information about the rel-eng mailing list