FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Advisory Board

 
 
LinkBack Thread Tools
 
Old 03-19-2008, 05:35 PM
"Jeff Spaleta"
 
Default spins and hosting

On Thu, Mar 13, 2008 at 7:16 PM, Mike McGrath <mmcgrath@redhat.com> wrote:
> So we're at the point where we can host spins, how far off are we from
> having the official policy up and ready? The reason I ask is we've been
> asked to link to an external site. There's no technical reason we can't
> do this but at our infrastructure meeting today we decided to make sure to
> run this ticket by those who have been more involved in the decisions,
> policies, etc.
>
> https://fedorahosted.org/fedora-infrastructure/ticket/446


Sorry for not replying to this earlier I've been sick.

There is one outstanding issue with pointing to externally hosted
spins that needs to be resolved. If the spins are built outside the
Fedora build system, do we have a reasonable means to verify that the
image we are pointing to contains what is the expected result of
running the livecd tools against a contributed kickstart file?

There was a short discussion on -devel-list about using rpm -V on a
mounted image, to verify package payload and signatures. This would
provide some level of verification that Fedora Project signed packages
were used in the image compose. But its not clear that this sort of
check was considered sufficient.

So there's still an open question. Once an image is built, are there
checks that can be performed to ensure the image is what we expect?
My understanding is that the compose process is such that checksums
will differ with every image build, so we can't use any sort of simple
community checksum verification process.

Or will externally hosted binaries still need to be generated inside
the Fedora build system, to ensure that the final binary image was not
influenced by the compose environment.

-jef

_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
 

Thread Tools




All times are GMT. The time now is 06:50 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org