On Ter, 2015-03-31 at 23:53 +0100, Sérgio Basto wrote: > On Ter, 2015-03-31 at 16:11 -0600, Kevin Fenzi wrote: > > On Tue, 31 Mar 2015 10:55:38 +0200 > > Miroslav Suchý <msuchy@xxxxxxxxxx> wrote: > > > > > On 03/27/2015 01:49 PM, Kevin Fenzi wrote: > > > > * releng person gathers list of pending update requests from bodhi. > > > > (a few minutes) > > > > > > > > * releng person looks over list for anything out of the ordinary or > > > > off. (another few minutes) > > > > > > > > * releng person tells sigul to sign that list of packages and write > > > > out the signed ones in koji. The releng person talks to the sigul > > > > bridge and the sigul vault (which is not reachable via ssh) talks > > > > to the bridge. > > > > > > Few minutes, but manual minutes. IIRC rest of the process is > > > automatic. Do we really need human here? What can be extraordinary > > > here? Even if I have that security incident years ago in my mind, I > > > could not figure out why we need human reviewing list of packages to > > > sign. > > > > Well, fully automated processes are good at just doing what they are > > told, and humans are good (sometimes) at spotting patterns, so I could > > see a human catching something like an old obviously not current > > package being in the signing list, or some obvious bad version of a > > existing package. Shrug. > > > > We have been working on automated signing of rawhide, and this could > > replace the humans elsewhere too, > > I vote in automated updates-testing with one regularity of pushes (2 > times a day for example) And why I think that push to update-testing should be automated and regular ? because some builds depends on other builds and, or we use buildroot overrides or we wait for packages be pushed to update-testing and second option is simpler. The problem is if the pushes stops for some reason (holidays, weekends etc) > > but we would want to make sure it has > > checks and also lots and lots of reporting so humans can still see > > something wrong and stop it from doing something bad. > > > > kevin > > > > > > -- > > devel mailing list > > devel@xxxxxxxxxxxxxxxxxxxxxxx > > https://admin.fedoraproject.org/mailman/listinfo/devel > > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > > -- > Sérgio M. B. > -- Sérgio M. B. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
