Random thoughts/crazy idea: Drop SSL certs
Pierre-Yves Chibon
pingou at pingoured.fr
Mon Apr 27 17:44:16 UTC 2015
On Mon, Apr 27, 2015 at 01:39:45PM -0400, Colin Walters wrote:
> On Mon, Apr 27, 2015, at 01:12 PM, Pierre-Yves Chibon wrote:
>
> > But we allow new-comers to make scratch-build on koji before they are in the
> > packager group. Giving them the opportunity to test their build in real
> > condition.
>
> The "non-packager scratch build" case is addressed by COPR, no?
Well, not entirely, copr is not providing exactly the same environment as koji,
so some build might pass on copr and not in koji.
> > Using ssh could also become problematic for application like koschei no?
>
> I don't see why - it's just as easy to make a ssh key for an application
> as it is for an SSL certificate. If starting a build is a matter of ssh
> restricted logins, it wouldn't be that hard to create a connection
> programmatically, via subprocess or one of the ssh shared libraries.
>
> (Also, it'd be nice if I could include X-Koji-Build-Now: yes metadata
> in the commit message and skip the secondary build invocation entirely,
> or even go to a model where builds happen on commit by default,
> with a way to opt-out)
I wonder how often people commit to master without building behind, a good
question for fedmsg one of these days.
Pierre
More information about the rel-eng
mailing list