FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 08-28-2008, 06:47 PM
"Alan Dunn"
 
Default Updates being pushed?

Not to be a complainer, but are Bodhi updates being pushed again after
the other week's events? Or is something still wrong/not yet checked
with that part of the infrastructure? The queue seems to be as deep as
I've ever seen it so far. Just curious...

- Alan

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-28-2008, 06:51 PM
Josh Boyer
 
Default Updates being pushed?

On Thu, Aug 28, 2008 at 02:47:46PM -0400, Alan Dunn wrote:
>Not to be a complainer, but are Bodhi updates being pushed again after
>the other week's events? Or is something still wrong/not yet checked
>with that part of the infrastructure? The queue seems to be as deep as
>I've ever seen it so far. Just curious...

Plans are still being made and decided on about how to revoke the current
gpg key used to sign RPMs. I think this has progressed to the point where
the plan is set, and now they are starting to execute it.

josh

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-28-2008, 06:52 PM
Jesse Keating
 
Default Updates being pushed?

On Thu, 2008-08-28 at 14:47 -0400, Alan Dunn wrote:
> Not to be a complainer, but are Bodhi updates being pushed again after
> the other week's events? Or is something still wrong/not yet checked
> with that part of the infrastructure? The queue seems to be as deep as
> I've ever seen it so far. Just curious...
>
> - Alan
>

As part of the recover from the last few weeks' events, we have to
introduce a new set of signing keys into Fedora. I'm currently
re-signing all of the 8 and 9 content with these new keys so that we can
make them available along with the new updates with the new key for
these product lines. This is going to take some time due to the nature
of how our signing works. It's also taken some times to hash out a good
migration plan for users and start working on the documentation and the
bits and pieces to make this happen. Expect to hear more about this in
the next day or three.

--
Jesse Keating
Fedora -- Freedom˛ is a feature!
identi.ca: http://identi.ca/jkeating
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-28-2008, 07:19 PM
nodata
 
Default Updates being pushed?

Am Donnerstag, den 28.08.2008, 11:52 -0700 schrieb Jesse Keating:
> On Thu, 2008-08-28 at 14:47 -0400, Alan Dunn wrote:
> > Not to be a complainer, but are Bodhi updates being pushed again after
> > the other week's events? Or is something still wrong/not yet checked
> > with that part of the infrastructure? The queue seems to be as deep as
> > I've ever seen it so far. Just curious...
> >
> > - Alan
> >
>
> As part of the recover from the last few weeks' events, we have to
> introduce a new set of signing keys into Fedora. I'm currently
> re-signing all of the 8 and 9 content with these new keys so that we can
> make them available along with the new updates with the new key for
> these product lines. This is going to take some time due to the nature
> of how our signing works. It's also taken some times to hash out a good
> migration plan for users and start working on the documentation and the
> bits and pieces to make this happen. Expect to hear more about this in
> the next day or three.
>

Can I ask if there will be a plan for how to push a critical package
update out to users if this was to happen again?

By this I mean, package X has a critical security hole at the time of an
infrastructure problem.


--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-28-2008, 07:23 PM
Jesse Keating
 
Default Updates being pushed?

On Thu, 2008-08-28 at 21:19 +0200, nodata wrote:
> Can I ask if there will be a plan for how to push a critical package
> update out to users if this was to happen again?
>
> By this I mean, package X has a critical security hole at the time of an
> infrastructure problem.

"Whatever it takes" I think is the plan. More seriously we could spend
weeks planning around each and every kind of failure that could happen,
but I'm confident that we'll always find a way to get a critical update
onto a public webserver should the need arise.

--
Jesse Keating
Fedora -- Freedom˛ is a feature!
identi.ca: http://identi.ca/jkeating
--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
Old 08-28-2008, 07:34 PM
Toshio Kuratomi
 
Default Updates being pushed?

nodata wrote:


Can I ask if there will be a plan for how to push a critical package
update out to users if this was to happen again?

By this I mean, package X has a critical security hole at the time of an
infrastructure problem.

We can have processes that make this faster but unfortunately if the
infrastructure problem is bad enough, there's no way we can push package
X out until the problem is at least partially resolved.


ie: We have to have a trusted machine to build packages on. We have to
have a trusted machine to sign packages on. If we have to rebuild all
of the boxes then all we can do is prioritise getting those back online
and having a process for quickly getting the new key in use on those
machines.


-Toshio

--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 

Thread Tools




All times are GMT. The time now is 03:18 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org