On 1/25/21 3:30 PM, Brian (bex) Exelbierd wrote:
The other interest though is around the actual act of making the distribution, the "turning of the crank." Here Red Hat has very specific security interests and we need to limit the ability to do specific build tasks to specific people. Having spoken to the CPE team, the engineering organization in Red Hat that is tasked with our infrastructure contribution to CentOS, I know they are looking at every option to open up what they can. One thing they have to do is to get new authentication and other practices in place, which CentOS has traditionally not had in this fashion, to allow the right access (again - I am speaking in generalities here and glossing over detail. Detail discussions are not going to be useful if I am participating :D). They will tell you that in internal meetings I am constantly harping on the need to get SIGs greater controls and build opportunities, for example. That internal meetings comment raises a great question around how to get more community participation. There is an infrastructure SIG spinning up to ensure that there is a forum for these conversations. I'd also love to see, if we can technically do it, a SIG focused on improving build systems, with an eye toward making the deliberate incremental change that lifts all of us (Fedora, CentOS, RHEL, EPEL. elrepo, etc.).
I understand need for security, SolarWind source code injection debacle comes to mind....