Delays in package processing
Michael Schwendt
mschwendt.tmp0701.nospam at arcor.de
Thu Dec 20 15:05:28 UTC 2007
On Thu, 20 Dec 2007 08:41:24 +0100, Thorsten Leemhuis wrote:
> [...] there are currently up to four (or even
> more) days between pushes afaics (the last one right now for example was
> on 15 December 2007):
>
> * for normal updates that's not a problem, but I think four days are a
> to long delay for updates that fix security issues.
If that is true, then wtf is the purpose of the "security" check-box in
bodhi if it doesn't inform release engineers about the necessity to push a
security related update? For Extras I've asked packagers to mark their
packages appropriately (in the cvs commit comment or %changelog entry,
adding the CVE id or stating that it's a "security/vulnerability fix") in
order to help deciding when to push the next time or what to push quickly
with a delayed build report.
> And, BTW, what's exactly the problem with "moving target for all
> mirrors"? There were (are?) yum problems iirc (¹), but I suppose we can
> fix them if we want?
If the master site is modified too often, the window, during which mirrors
can sync a complete set [*] of changes, becomes smaller. I guess Matt
Domsch can tell how often mirrors sync on average.
[*] packages plus matching metadata
> CU
> thl
>
> (¹) -- downloading metadata from one mirror, download error on it,
> switching to another mirror that has even new push where the file yum
> tries to download is already is gone again
That's one of the problems. Files not found, persistent metadata checksum
errors (older repomd.xml from previous mirror in conjunction with newer
metadata from other mirrors), users seeing update announcements but tools
not seeing the updates [yet]. And last but not least, do you like being
notified about system updates daily? First there's a series of minor
version updates for some package, then upstream releases the next stable
major version, and the packager smacks his lips because it's so exiciting
to push that hot new stuff to Fedora 7+8+development instead of giving it
time to test it in development.
More information about the fedora-devel-list
mailing list