On Tue, 13 Nov 2012, Garrett Holmstrom wrote:
On 2012-11-12 12:38, Seth Vidal wrote:
What I mean is: when I build a package for Fedora, I go through the Koji
build system. I can't just kludge up a binary RPM and have it get sent
out
into the mirror. And, anyone can go into Koji and see the packages I've
built -- and see how they were built, if they want. And although the GPG
package signing process is also a black box to some degree, Bodhi gives
pretty good transparency into the path an update takes.
They can see what happened, they may not actually be able to get the
pkg... We don't keep pkgs forever.
But we do for releases, from which all previous release images have been
spun, AFAIK. The cloud SIG made sure of that quite early on in its lifetime
to keep everything GPL-compliant, and it might be worth keeping in mind as we
consider how to build images for future releases.
and I a pretty sure for releases we're talking about something else. This
is for continual/nightly image generation, unless I'm mistaken.
-sv
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
