Re: Fedora 32 System-Wide Change proposal: Annobin Used By Bodhi

On Thursday, October 31, 2019 7:04:47 AM EDT Aleksandra Fedorova wrote:
> Following pingou's advice adding ci@xxxxxxxxxxxxxxxxx
> 
> On Wed, Oct 30, 2019 at 10:03 PM Ben Cotton <bcotton@xxxxxxxxxx> wrote:
> >
> > (skipped)
> >
> > Note - I do not know *how* to add a run of the annocheck program to
> > the Bodhi process.  This change request is about asking that such a
> > thing be added.
> 
> 
> In this form I think it doesn't qualify as Fedora Change, so let's see
> how we can rework it.
> 
> 
> > * Proposal owners:
> > In theory there is very little that I can do personally.  I do not
> > have the knowledge to change the Bodhi process myself, so I will have
> > to rely upon someone else to do that.  I am familiar with the annobin
> > package however, so any changes that are needed to it I will be happy
> > to make.
> 
> 
> We have a similar check coming to Fedora Rawhide gating. It is called
> rpminspect [1]. Check also the talk from Flock 2019 [2].
> Tim Flink and David Cantrell are driving it, and afaik it is close to
> being done: the Jenkins job is already up and running and we are
> hooking it into the gating framework.
> 
> If I understand correctly, the setup for annocheck should be very
> similar, so we can reuse most of the work done for rpminspect, with
> only the content of the test being different.
> There are several work items related to that: setup of a Jenkins job,
> update of a Jenkins which is needed to migrate to a new Fedora
> messaging infrastructure.
> 
> We can coordinate that via Fedora CI SIG [3]; the next meeting is on
> November 4th [4], by the way.
> 
> Maybe we can make it a joint effort and file one change for both
> rpminspect and annocheck?

And one tangential question... will rpmfusion and others be held to this new 
standard? Many of the multimedia parsers that round out the Fedora ecosystem 
come from that repository. They also tend to have a lot of CVEs. I've 
scanned a number of packages that handle untrusted content and the use of 
protection mechanisms is really not up to par with the rest of Fedora.

-Steve


> [1] https://github.com/rpminspect/rpminspect
> [2] https://www.youtube.com/watch?v=lPxC185PBeI
> [3] https://fedoraproject.org/wiki/SIGs/CI
> [4] https://apps.fedoraproject.org/calendar/SIGs/2019/11/4/#m9618
> 
> -- 
> Aleksandra Fedorova
> bookwar



_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx



