On Wed, 2020-09-02 at 14:12 +0200, Guido Günther wrote:
I'll have to go through with improving Laniakea's sync overview page to be less cluttered - at the moment it's quite hard to know what needs merging where ;-) (that's actually the thing I am working on at the moment, since that also gets rid of the last bit of D code and makes deploying Laniakea easier).
- Laniakea can theoretically also build packages from Git repos
- you'll need a list of repos and signed tags of a certain
format in them,
For clarity - do you mean a "git tag" or another type of tag? I think using git tags and signed-off-by lines is standard practice, certainly in kernel development, and I strongly feel we should adopt that.
LK will then verify the tag signature
Sorry to be pedantic but it helps me to understand. LK will verify the git tag and the gpg sig? I can see how verification might be done with the gpg sig, e.g. check the keyring, but the git tag might be harder to "verify".
and send the repo to a worker to create a source package out of that's then auto- uploaded. It's quite neat in concept... ....in practice I would need to get rid of the manual list and actually verify signatures (at the moment anything would be built, so that's really not deployable)
So we have an opportunity to define the policy and process before we put it into code? That sounds like something that is worth discussing now before there are tons of packages coming into the repo. :-)
That would be cool since i'd like to phase out the route via arm02 (which allows us to do that for the phone right now) as soon as possible - that's also one of the reasons we don't want to allow sloppy builds for byzantium. Is there a public bug list for PureOS Infra/Laneakia that once could follow to learn what's planned, has been discussed?
<snip>
So just to be sure, we *don't* use tracker.pureos.org for that? I was under the impression we'll use that from our discusson on Friday.
It's my preferred solution to use tracker.pureos.org to track issues in Laniakea *and* the various packages that are coming into PureOS. This way we can separate concerns (software development issues in Gitlab, maintenance and delivery issues in Tracker.)
If we have consensus I'm strongly in favor of encouraging this as policy.
Regards,
Jeremiah