[CentOS-devel] cbs feature req: building embargoed content

On Wed, Mar 11, 2015 at 12:07 PM, Karanbir Singh <mail-lists at karan.org> wrote:
> On 03/11/2015 12:01 PM, Jim Perrin wrote:
>>
>>
>> On 09/25/2014 11:25 AM, Karanbir Singh wrote:
>>> hi guys,
>>>
>>> we need a way to build embargo'd content like reimzul's priv-build, that
>>> does not make stuff public till a specific date ( the actual push to
>>> public can be manual );
>>>
>>> how would we achieve this on cbs ? I guess the git stuff is easier since
>>> it can just be a scratch build from srpm and people need not push the
>>> git content back to git.centos.org till embargo expiry.
>>
>>
>> Devil's advocate here,
>>
>> How much of an issue is this? As far as I know, fedora doesn't deal with
>> embargoed code at all. Is this something we need to care about, or can
>> we simply adopt the fedora approach and state: Use the embargo time to
>> come up with a plan of action, and build/push once public.
>
> Its a pretty big deal I feel - its one thing that will likely keep the
> actual CentOS buildservices from ever being opened up.
>
> We cant use the fedora angle at all - they have a very different problem
> space than we do.

What does CentOS do about security patches on the core?  Does it
strive to have updates built and tested as soon as the embargo is
lifted?

It seems like at least in the Xen4CentOS case, being able to provide
pre-embargo binaries to cloud providers will be a big win, and having
updated packages quickly would be pretty critical.  I don't want to
say it *must* be done, but it certainly seems desirable to me.

 -George