> On Friday 24 October 2003 16:26, Warren Togami uttered: > >> Since the volume of packages for Fedora Legacy will be relatively small >> compared to fedora.us, only one or two builders should be necessary. I >> personally had set aside a computer at my house exclusively for ssh >> access into fedora.us' build server, but I am more paranoid than most. > > k, we can have a couple people who's function is to push src.rpms through > the > build system. Bugzilla to submit a .src.rpm for QA consumption, push it > through the build system, QA it, then finally rebuild and sign it? fedora.us currently doesn't build packages until they are fully approved by the QA people, then our package goes into a "pending" repository for easy installation and binary verification. After that point the QA people can give the final "VERIFIED" message and the package is published. Some of us have wanted to make a "submission" repository containing packages that have not yet been checked by QA, but the big concern there is security of the sources and trust. 90% of the current fedora.us team refuses to install anything unless they check the SRPM over manually first. This really slowed things down, but I believe it should work for Legacy since much fewer packages need QA, and they can all be verified by reading diffs from the previous version. Warren
