[CentOS-devel] cbs feature req: building embargoed content

Karanbir Singh

mail-lists at karan.org
Fri Sep 26 13:33:13 UTC 2014


On 09/25/2014 08:50 PM, Mike McLean wrote:
> Currently koji doesn't have any read access controls, or at least not
> any related to builds. Most folks would probably either use a private
> koji, or just run mock against koji's yum repos.
> 
> Are we really only talking about a scratch build type scenario, or do
> folks want a real build that is hidden? Difference being that in the
> former case, you'd end up running a non-scratch rebuild after the
> embargo lifts, while in the latter you'd flip a switch and have the
> build appear.
> 
> The latter case is much harder (and also begs for embargo lockdown in
> source control), but neither is trivial to implement.

What we really need is a way for $person to build 'stuff' without it
going public. If that means the sources cant hit git.centos.org then
thats ok, we just need to make sure folks understand that
no-commit-to-git.c.o till public.

If that then imples that koji's targets can only be used once stuff is
public, that too might be fine ( as long as the person has had the
change to test builds against the same target in the past ).

Our exposure in this case would then be limited to the time it takes to
build something, and since the scratch builds will use the same repos -
we can be fairly confident (!) about result; we'd still test it, but we
can go into the testing with a higher level of confidence.


-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc



More information about the CentOS-devel mailing list