[Fwd: Re: Virtual build environments]

Jesse Keating jkeating at j2solutions.net
Mon Nov 10 21:51:33 UTC 2003 

On Monday 10 November 2003 13:25, Lucas Albers wrote:
> Have we started thinking about what build method we will use.

Manual chroots possibly with mach.  The build system that was being put 
together for Fedora has hit a snag, and thus we can't have it by the 
time we need to launch.  Manual chroots it is.

> Where is our primary buildhost going to be?

My company, Pogo Linux, has offered us a dual opteron server, and 
rackspace at their colo.  This will be the main Fedora Legacy system.  
It'll be located in the South Seattle area of Washington State, USA.

> Bugzilla database?

Probably on the Legacy opteron server.

> Erratta Database?

Interesting idea, I'm open to suggestions.  Just a MySQL or PGSQL 
database driven web query page?

> Who is going to be the primary host?

My company's colo is for now.

> How long a cycle are we going to have from exploit to update release?

Depends on many things.  Obviously we'll try to minimize it, but it'll 
depend on the package, how close the latest RH supported version is to 
any given backport, how long it takes to get through QA, all that fun 
stuff.  Hard to say, but as quick as possible.

> Are we going to use http/apt/up2date or what to distribute the
> releases? 

We'll be using yum and apt to push our updates.

> Who has final say on whether to do rpm upgrades or not.

No one person.  It's a community thing.  Sure I'm the guy in the lead 
right now, but I don't get to set policy myself, that'll drive people 
away.  We need to start a new thread on this subject.  Warren, you had 
a good suggestion to bump people up to the latest on rpm.org for each 
given distro.  I can see this for 8.0 and 9, which had some nasty lock 
bugs, but what of 7.2 and 7.3, is it really necessary?

> Has anyone asked a knowledgable rpm package at redhat their private
> opinion on the matter, in order to get some expert advice on this?

I chat w/ RH packagers on a daily basis, they're offering as much 
help/insite as they possibly can.

> Are their any experts on rpm packaging with practical experience that
> can say that we need to upgrade rpm packages or not upgrade packages?
>
> What is our release cycle going to be? What are our deadlines?

1-2-3-out.  We'll be supporting 2 FC releases, while RH supports the 
3'rd.  Being "out" doesn't mean we won't accept/release updates, but it 
will not be the focus, nor will any guarantees be made as to updates 
provided for "out" releases.

> Are we supporting desktop applications or just server applications?

At this point, we'll be suppporting any package that has a security flaw 
reported to it, within reason.

> The deadlines that I see are thus:
>
> Finalize Draft.
> Implement Bugzilla database.
> Come up with primary build committee.
> Start monitoring erratta for our versions.
> Do a test build for all our supported os version.
> Determine what QA structure we will be using, how much if any QA
> testing will we be doing?

Fedora.us style QA probably.  As much QA as possible.  We stress 
tested/stable backports, not "hey look, it compiled!"

> Will we be releasing binary or src rpms?

Both.

> How to prevent random evil people from sticking in trojans in a patch
> they submit?

Heavy peer review, trusted commiters, etc..

> Setup up distribution repository.
> Setup mirrors.
> Setup synchronization schedule.
> Distribute directions on using fedora-legacy.
> Distribute gpg key for use.
> Distribute a rpm upgrade if necessary for everyone who will use.
> Ideas?

I do like your list, nice and complete.  We'll be going off of this 
list.

-- 
Jesse Keating RHCE MCSE (geek.j2solutions.net)
Fedora Legacy Team      (www.fedora.us/wiki/FedoraLegacy)
Mondo DevTeam           (www.mondorescue.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
 
Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20031110/51a295ae/attachment.sig>

More information about the fedora-legacy-list mailing list