On 1/25/21 3:30 PM, Brian (bex) Exelbierd wrote: > The other interest though is around the actual act of making the > distribution, the "turning of the crank." Here Red Hat has very > specific security interests and we need to limit the ability to do > specific build tasks to specific people. Having spoken to the CPE > team, the engineering organization in Red Hat that is tasked with our > infrastructure contribution to CentOS, I know they are looking at > every option to open up what they can. One thing they have to do is > to get new authentication and other practices in place, which CentOS > has traditionally not had in this fashion, to allow the right access > (again - I am speaking in generalities here and glossing over detail. > Detail discussions are not going to be useful if I am participating > :D). They will tell you that in internal meetings I am constantly > harping on the need to get SIGs greater controls and build > opportunities, for example. That internal meetings comment raises a > great question around how to get more community participation. There > is an infrastructure SIG spinning up to ensure that there is a forum > for these conversations. I'd also love to see, if we can technically > do it, a SIG focused on improving build systems, with an eye toward > making the deliberate incremental change that lifts all of us (Fedora, > CentOS, RHEL, EPEL. elrepo, etc.). I understand need for security, SolarWind source code injection debacle comes to mind.... -- Ljubomir Ljubojevic (Love is in the Air) PL Computers Serbia, Europe StarOS, Mikrotik and CentOS/RHEL/Linux consultant