On 03/27/2015 01:49 PM, Kevin Fenzi wrote: > * releng person gathers list of pending update requests from bodhi. > (a few minutes) > > * releng person looks over list for anything out of the ordinary or > off. (another few minutes) > > * releng person tells sigul to sign that list of packages and write out > the signed ones in koji. The releng person talks to the sigul bridge > and the sigul vault (which is not reachable via ssh) talks to the > bridge.
Few minutes, but manual minutes. IIRC rest of the process is automatic. Do we really need human here? What can be extraordinary here? Even if I have that security incident years ago in my mind, I could not figure out why we need human reviewing list of packages to sign. -- Miroslav Suchy, RHCE, RHCDS Red Hat, Senior Software Engineer, #brno, #devexp, #fedora-buildsys -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
