[Centos] CentOS Package Updates
Chris Sorisio
chrissorisio at peaktechnical.com
Fri May 14 04:40:36 UTC 2004
Time is something I'm prepared to offer, though my black magic skills
are limited. I'll check to see if I can make CPU time available, but
that brings up another questions: how do we establish trust? What
process is reasonable to verify that packages I build, for example, are
trustworthy? I have a handful of packages I'd be happy to send over
this weekend (MySQL 4.0.18, etc) but how would the project prefer I sign
them, what quality control steps do I need to verify first, etc?
I was also thinking of somthing automated, and while manual intervention
still would be required, it would hopefully reduce the cycle time
significantly. Ideally, CentOS would have a system that would:
1. Automatically detect when an update has been released (via parsing
the announcement e-mail from Red Hat or something?)
2. Download the SRPM.
3. Build a first-pass RPM and notify the package maintainer when it is
ready for review.
4. Depending on the maintainer's review, the package is either:
a. released (another scripted process which automates GPG
signing and transferring the RPM to the appropriate repositories and
sends out an e-mail to the list about its availability after
an appropriate time-lapse so that the mirrors have a chance to mirror it) or
b. rejected, pending modifications and another build cycle.
This would at least take some of the load off the maintainer's shoulders
and - hopefully - most updates would rebuild cleanly and not need
modifications. When we know in advance that package X needs mods Y, we
could make the system aware of it.
All we need is someone talented enough to craft such a system. I can
admit without too much shame that it's mostly beyond my abilities.
Anyone volunteers out there? ;)
Lance Davis wrote:
>>What can the community do to help improve turn-around time on Redhat errata?
>>
>>
>
>Volunteers are always welcome :)
>
>The reason the kernel takes so long is that it just takes that long to
>build and test.(likewise openoffice)
>
>If you have some decent hardware then it should be quicker ...
>
>As regards the other upodates it is a question of checking whether oatches
>apply cleanly, removing trademarks where necessary and testing.
>
>An automatic system is required, buyt at the end of the day manual
>intervention will probably always be needed.
>
>Lance
>
>
More information about the CentOS
mailing list