On Tue, Oct 24, 2017 at 03:46:28PM +0100, George Dunlap wrote: > On Tue, Oct 24, 2017 at 9:59 AM, Fabian Arrotin <arrfab at centos.org> wrote: > > <paste> > > sigs would like to use centpkg / lookaside, build direct through git to koji > > authentication requirements to accounts.centos.org > > Fabian to evaluate git solutions and report back to sig chairs. > > mrunge has volunteered to be the "guinea pig" of the new system > > </paste> > > > > Waiting for comments/input/feedback on those points Thank you for kicking this off! Storing specs + upstream sources somewhere would solve my primary concern with creating some more reproducible builds. Even in a small team, it seems scary to upload "somehow" created srpms to get them built in cbs. > > From our discussion, I remember that with the "lookaside cache", it > should be possible for a "drive-by" contributor to submit a change > which included a new tarball, by submitting a pull request that had > the proper hash; I could then download the tarball from the upstream > website myself, verify the hash, and upload it to the lookaside cache > when merging the PR. Yes, I remember we discussed it briefly, on how to enable drive-by contributions or how to lower the barrier for contributors. I'd be fine with patches/pull-requests/whatever for spec files. I'd try to pull down sources myself anyways. Ideally, any solution would be supported by a central tool, comparable to fedpkg for fedora. I know there is centpkg, but I'm currently unsure how git and source upload is handled there. Best, Matthias -- Matthias Runge <mrunge at matthias-runge.de>