On Wed, Aug 19, 2015 at 11:34 AM, Stephen Niedzielski < [email protected]> wrote: > > In the lack of a preexisting solution, I would like to submit a ticket. > Are there any recommendation on how I should go about this and how to > figure out if getting a release server is something that can even be done > this fiscal year? It's worth mentioning that in addition to internal > solutions, we would be open to discussing a trusted third party SaaS > provider if that's more practical. Thanks! >
A well defined MVP in task form is probably the way to go, but I would maybe have a conversation with Security first about a specific use case e.g. signing of production Android packages. The reason I suggest formulating something around a single use case is that it orients us toward implementing secure processes instead of a "secure" environment—the latter being somewhere where we have a (likely false) sense of security when setting up any number of automated processes. Does that make sense? -- Dan Duvall Automation Engineer Wikimedia Foundation <http://wikimediafoundation.org>
_______________________________________________ QA mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/qa
