On Wed, 31 Jul 2019 at 10:16, Richard W.M. Jones <rjones@xxxxxxxxxx> wrote:
On Tue, Jul 30, 2019 at 11:11:34AM -0700, Kevin Fenzi wrote:
> In this case it's koji.
>
> For every package in the mass rebuild (f31-pending tag) robosign asks
> koji "hey, is foobar-1.0.1-1.fc31 signed' ? koji checks... "yes, it is".
> robosign: "great, then I ask you to write out the signed rpms now"
> koji: "ok, writing them out to disk again"
>
> it's mostly this last step thats slow. I am not sure if koji is just
> seeing if they were written out and returning, or actually re-writing
> them out. It seems like it might be the latter, which makes me suspect
> koji could optimize this somewhat.
It's still taking a long time today to get builds through Koji and
into Rawhide. Is there a reason we need to sign builds in Rawhide?
1. Because everyone's rawhide.repo says they are signed
2. Everytime we get unsigned packages people start freaking out that some nation state is trying to take over their computer.
3. Because nation states do that and those packages will become F32/F33 at some point.
Stephen J Smoogen.
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
