On Friday 24 October 2003 16:26, Warren Togami uttered:
> mach is fine if you fully trust the sources you are putting into it. It
> currently uses regular chroots, automatically populating the tree with
> build requirements (there are some caveats).
>
> I would recommend doing things manually or being very careful with mach
> to make sure the entire build server is clean and uncompromised by the
> time we install mach+vserver+djinni.
>
> fedora.us has been, and continues to build things manually within
> vservers, manually installing BuildRequires as needed.

Ah, since vservers will be in the final build system, perhaps a manual method in vservers is a better idea. I'm all for that, and since you've had experience with it, I hope that I can work with you on the initial setup.

> Please ask RH for membership to mirror-list-d. There are MANY mirror
> admins there that respond quickly.

Will do.

> Somebody (might have been mkj) mentioned that it makes more sense for
> Legacy to exist within RH/FC's Bugzilla, because almost all security
> errata for old systems may be relevant to the latest systems and RHEL
> too. No sense duplicating effort. By keeping it within the same
> database it is easy to cross-link with "Bug XXXXXX" strings within
> reports.
>
> Please bug the RHatters about this one again.

Ah, I hadn't really gotten any feedback on this. Wasn't sure if we were going to use Bugzilla for the QA process or package submission process or what. I'll see how RH feels about giving access to their bugzilla to non-rh people.

> May I caution being very paranoid with handing out builder logins. The
> eventual mach+vserver+djinni system would be abstracted so NOBODY needs
> root access in order to feed packages to the queue. Before that build
> system is ready, I would recommend doing thorough QA analysis of
> packages like fedora.us currently does in our Bugzilla, and build them
> manually within vservers. I can quickly explain how all this works.

Right, I was hoping to only give a couple out, one to you off the top of my head, since you'll be helping me set it up *wink*.

> Since the volume of packages for Fedora Legacy will be relatively small
> compared to fedora.us, only one or two builders should be necessary. I
> personally had set aside a computer at my house exclusively for ssh
> access into fedora.us' build server, but I am more paranoid than most.

k, we can have a couple people whose function is to push src.rpms through the build system. Bugzilla to submit a .src.rpm for QA consumption, push it through the build system, QA it, then finally rebuild and sign it?

--
Jesse Keating RHCE MCSE (http://geek.j2solutions.net)
Fedora Legacy Team (http://www.fedora.us/wiki/FedoraLegacy)
Mondo DevTeam (www.mondorescue.org)
GPG Public Key (http://geek.j2solutions.net/jkeating.j2solutions.pub)
Was I helpful? Let others know: http://svcs.affero.net/rm.php?r=jkeating