 
Old 08-01-2012, 04:15 PM
Stéphane Gaudreault
 
Default away

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Le 2012-08-01 12:04, Ike Devolder a écrit :
> Op woensdag 1 augustus 2012 18:03:20 schreef u:
>> Op woensdag 1 augustus 2012 11:49:58 schreef Dave Reisner:
>>> On Wed, Aug 01, 2012 at 05:47:17PM +0200, Ike Devolder wrote:
>>>> Op maandag 30 juli 2012 06:43:52 schreef Xyne:
>>>>> Ike Devolder wrote:
>>>>>> Hi,
>>>>>>
>>>>>> I'll be away for a couple of days, normally everything should get
>>>>>> updated
>>>>>> automatically while i'm out.
>>>>>
>>>>> How are you updating things automatically?
>>>>>
>>>>>
>>>>> Regards,
>>>>> Xyne
>>>>
>>>> cronjobs on a server
>>>> i have to add more but most are already to be found:
>>>> https://github.com/BlackIkeEagle/archbuild
>>>>
>>>> --Ike
>>>
>>> So you're blindly signing and pushing packages based on the fact that
>>> they compile?
>>
>> yes why not ?
>>
>> --Ike
>
> i could modify the script that they land in community-testing first
>
> --Ike

Compiling != Working, so I think it is a good practice for a maintainer
to test packages before uploading them.

In some cases this could be difficult to do (e.g. a massive rebuild for a
libname change), and in these cases it is OK to "blindly" push a package on
the basis that it compiles and test it later. In any case, I would expect
that a package is minimally tested before it goes to the repos.

Stéphane
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

-----END PGP SIGNATURE-----
 
Old 08-01-2012, 04:22 PM
Ike Devolder
 
Default away

Op woensdag 1 augustus 2012 09:14:40 schreef Taylor Lookabaugh:
> On 08/01/12 09:04, Ike Devolder wrote:
> > Op woensdag 1 augustus 2012 18:03:20 schreef u:
> >> Op woensdag 1 augustus 2012 11:49:58 schreef Dave Reisner:
> >>> On Wed, Aug 01, 2012 at 05:47:17PM +0200, Ike Devolder wrote:
> >>>> Op maandag 30 juli 2012 06:43:52 schreef Xyne:
> >>>>> Ike Devolder wrote:
> >>>>>> Hi,
> >>>>>>
> >>>>>> I'll be away for a couple of days, normally everything should get
> >>>>>> updated
> >>>>>> automatically while i'm out.
> >>>>>
> >>>>> How are you updating things automatically?
> >>>>>
> >>>>>
> >>>>> Regards,
> >>>>> Xyne
> >>>>
> >>>> cronjobs on a server
> >>>> i have to add more but most are already to be found:
> >>>> https://github.com/BlackIkeEagle/archbuild
> >>>>
> >>>> --Ike
> >>>
> >>> So you're blindly signing and pushing packages based on the fact that
> >>> they compile?
> >>
> >> yes why not ?
> >>
> >> --Ike
> >
> > i could modify the script that they land in community-testing first
> >
> > --Ike
>
> what if the signing key was tampered with? How would you know?

This machine is not accessible from the internet, but indeed has a connection
out to the internet.
pacman would warn you that the key is not correct.

--Ike
 
Old 08-01-2012, 04:30 PM
Ike Devolder
 
Default away

Op woensdag 1 augustus 2012 12:15:43 schreef Stéphane Gaudreault:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Le 2012-08-01 12:04, Ike Devolder a écrit :
> > Op woensdag 1 augustus 2012 18:03:20 schreef u:
> >> Op woensdag 1 augustus 2012 11:49:58 schreef Dave Reisner:
> >>> On Wed, Aug 01, 2012 at 05:47:17PM +0200, Ike Devolder wrote:
> >>>> Op maandag 30 juli 2012 06:43:52 schreef Xyne:
> >>>>> Ike Devolder wrote:
> >>>>>> Hi,
> >>>>>>
> >>>>>> I'll be away for a couple of days, normally everything should get
> >>>>>> updated
> >>>>>> automatically while i'm out.
> >>>>>
> >>>>> How are you updating things automatically?
> >>>>>
> >>>>>
> >>>>> Regards,
> >>>>> Xyne
> >>>>
> >>>> cronjobs on a server
> >>>> i have to add more but most are already to be found:
> >>>> https://github.com/BlackIkeEagle/archbuild
> >>>>
> >>>> --Ike
> >>>
> >>> So you're blindly signing and pushing packages based on the fact that
> >>> they compile?
> >>
> >> yes why not ?
> >>
> >> --Ike
> >
> > i could modify the script that they land in community-testing first
> >
> > --Ike
>
> Compiling != Working, so I think it is a good practice for a maintainer
> to test packages before uploading them.
>
> In some cases this could be difficult to do (e.g. a massive rebuild for a
> libname change), and in these cases it is OK to "blindly" push a package on
> the basis that it compiles and test it later. In any case, I would expect
> that a package is minimally tested before it goes to the repos.
>
> Stéphane
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.19 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> -----END PGP SIGNATURE-----

Well then i'll drop the auto-updaters for community. but in general i find this
very handy. i'll leave the scripts in the git repo for now but i'll drop the
cronjob now.

--Ike
 
Old 08-01-2012, 05:02 PM
Rashif Ray Rahman
 
Default away

On 2 August 2012 00:30, Ike Devolder <ike.devolder@gmail.com> wrote:
> Op woensdag 1 augustus 2012 12:15:43 schreef Stéphane Gaudreault:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Le 2012-08-01 12:04, Ike Devolder a écrit :
>> > Op woensdag 1 augustus 2012 18:03:20 schreef u:
>> >> Op woensdag 1 augustus 2012 11:49:58 schreef Dave Reisner:
>> >>> On Wed, Aug 01, 2012 at 05:47:17PM +0200, Ike Devolder wrote:
>> >>>> Op maandag 30 juli 2012 06:43:52 schreef Xyne:
>> >>>>> Ike Devolder wrote:
>> >>>>>> Hi,
>> >>>>>>
>> >>>>>> I'll be away for a couple of days, normally everything should get
>> >>>>>> updated
>> >>>>>> automatically while i'm out.
>> >>>>>
>> >>>>> How are you updating things automatically?
>> >>>>>
>> >>>>>
>> >>>>> Regards,
>> >>>>> Xyne
>> >>>>
>> >>>> cronjobs on a server
>> >>>> i have to add more but most are already to be found:
>> >>>> https://github.com/BlackIkeEagle/archbuild
>> >>>>
>> >>>> --Ike
>> >>>
>> >>> So you're blindly signing and pushing packages based on the fact that
>> >>> they compile?
>> >>
>> >> yes why not ?
>> >>
>> >> --Ike
>> >
>> > i could modify the script that they land in community-testing first
>> >
>> > --Ike
>>
>> Compiling != Working, so I think it is a good practice for a maintainer
>> to test packages before uploading them.
>>
>> In some cases this could be difficult to do (e.g. a massive rebuild for a
>> libname change), and in these cases it is OK to "blindly" push a package on
>> the basis that it compiles and test it later. In any case, I would expect
>> that a package is minimally tested before it goes to the repos.
>>
>> Stéphane
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2.0.19 (GNU/Linux)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> -----END PGP SIGNATURE-----
>
> Well then i'll drop the auto-updaters for community. but in general i find this
> very handy. i'll leave the scripts in the git repo for now but i'll drop the
> cronjob now.
>
> --Ike

Automating like this is very bad practice. I believe a maintainer's
job is to ensure that a package works before making it accessible to
everyone. Of course sometimes we're guilty of assuming stuff "should
probably just work" but let's not automate that attitude.

Otherwise it's OK if you push these to a testing repo, methinks. But
to do justice after you return you should check them one by one :P
Also you can do this on a case-by-case basis depending on how often
things are likely to break. Yet I think just auto building is fine but
not auto pushing.


--
GPG/PGP ID: C0711BF1
 
Old 08-01-2012, 05:10 PM
Nicola Bignami
 
Default away

Il 01/08/2012 18:30, Ike Devolder ha scritto:

> Well then i'll drop the auto-updaters for community. but in general i find this
> very handy. i'll leave the scripts in the git repo for now but i'll drop the
> cronjob now.
>
> --Ike


Personally I think that your tool to automatically generate the updated
packages is great and very handy. On the other side, I'm not willing to
trust a package that has been generated automatically without any sort
of control to be installed on my system (and I think I'm not the only
one). The wrong thing IMHO is to automatically push the new package to
the repo without any real test and check ("it builds" is not an answer).


I'm not a TU, but I think your tools could be used to prepare the new
updated packages in a local pool, ready to be tested and checked and
then *manually* fetched to the repo only if everything is fine.
 
Old 08-01-2012, 06:26 PM
Ike Devolder
 
Default away

Op woensdag 1 augustus 2012 19:10:54 schreef Nicola Bignami:
> Il 01/08/2012 18:30, Ike Devolder ha scritto:
> > Well then i'll drop the auto-updaters for community. but in general i find
> > this very handy. i'll leave the scripts in the git repo for now but i'll
> > drop the cronjob now.
> >
> > --Ike
>
> Personally I think that your tool to automatically generate the updated
> packages is great and very handy. On the other side, I'm not willing to
> trust a package that has been generated automatically without any sort
> of control to be installed on my system (and I think I'm not the only
> one). The wrong thing IMHO is to automatically push the new package to
> the repo without any real test and check ("it builds" is not an answer).
>
> I'm not a TU, but I think your tools could be used to prepare the new
> updated packages in a local pool, ready to be tested and checked and
> then *manually* fetched to the repo only if everything is fine.

i might move to such a system over time but now i have no time to do the testing
of the buildsystem so i will bring in the packages manually as before.

--Ike
 
Old 08-02-2012, 12:34 AM
Jeremiah Dodds
 
Default away

Ike Devolder <ike.devolder@gmail.com> writes:

> Op woensdag 1 augustus 2012 11:49:58 schreef Dave Reisner:
>> On Wed, Aug 01, 2012 at 05:47:17PM +0200, Ike Devolder wrote:
>> > Op maandag 30 juli 2012 06:43:52 schreef Xyne:
>> > > Ike Devolder wrote:
>> > > >Hi,
>> > > >
>> > > >I'll be away for a couple of days, normally everything should get
>> > > >updated
>> > > >automatically while i'm out.
>> > >
>> > > How are you updating things automatically?
>> > >
>> > >
>> > > Regards,
>> > > Xyne
>> >
>> > cronjobs on a server
>> > i have to add more but most are already to be found:
>> > https://github.com/BlackIkeEagle/archbuild
>> >
>> > --Ike
>>
>> So you're blindly signing and pushing packages based on the fact that
>> they compile?
>
> yes why not ?
>
> --Ike

As mentioned elsewhere in the thread, compiling != working.

I bet that a fair portion of testing the functionality of a given
package could be automated minus needing to write what defines
acceptance for a given package.

I doubt that you could reliably automate functionality testing for all
packages, but quite a few...

--
Jeremiah Dodds

github : https://github.com/jdodds
freenode : exhortatory
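
The flow suggested in the replies above (automated build into a local pool, a per-package acceptance check written by the maintainer, then a manual push), sketched as an added example; it is not code from the thread or from the archbuild repository. The pool layout, function names and `.pkg` file names are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical layout: $POOL/pending, $POOL/accepted, $POOL/checks/<name>.sh

# stage_pkg POOL FILE: the only step the cron job is allowed to perform.
stage_pkg() {
    mkdir -p "$1/pending" "$1/accepted" "$1/checks"
    cp "$2" "$1/pending/"
}

# accept_pkg POOL NAME FILE: run the maintainer-written acceptance check.
# "It builds" is not enough: a package with no check is never accepted.
accept_pkg() {
    pool=$1 name=$2 file=$3
    check="$pool/checks/$name.sh"
    [ -f "$pool/pending/$file" ] || { echo "not staged: $file" >&2; return 1; }
    [ -f "$check" ] || { echo "no acceptance check for $name" >&2; return 2; }
    sh "$check" "$pool/pending/$file" || { echo "check failed: $name" >&2; return 3; }
    mv "$pool/pending/$file" "$pool/accepted/$file"
}

# promote_pkg POOL REPO FILE APPROVER: the manual step. Refuses anything that
# has not passed accept_pkg and records who approved the push.
promote_pkg() {
    pool=$1 repo=$2 file=$3 approver=$4
    [ -n "$approver" ] || { echo "approver required" >&2; return 1; }
    [ -f "$pool/accepted/$file" ] || { echo "not accepted: $file" >&2; return 2; }
    mkdir -p "$repo"
    mv "$pool/accepted/$file" "$repo/$file"
    printf '%s promoted by %s\n' "$file" "$approver" >> "$repo/promotions.log"
}

# Constructed demo: "foo" has an acceptance check, "bar" has none.
demo() {
    d=$(mktemp -d); : > "$d/foo-1.0.pkg"; : > "$d/bar-2.0.pkg"
    stage_pkg "$d/pool" "$d/foo-1.0.pkg"; stage_pkg "$d/pool" "$d/bar-2.0.pkg"
    # Stand-in check; a real one would install and exercise the package.
    printf 'test -f "$1"\n' > "$d/pool/checks/foo.sh"
    accept_pkg "$d/pool" foo foo-1.0.pkg &&
        promote_pkg "$d/pool" "$d/repo" foo-1.0.pkg maintainer
    accept_pkg "$d/pool" bar bar-2.0.pkg 2>/dev/null || echo "bar held back (rc=$?)"
    ls "$d/repo"; rm -rf "$d"
}
demo
```

Signing would belong in `promote_pkg`, after approval, so that an unattended job never holds the packaging key.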
 
