[lsb-discuss] LSB conf call notes for 2008-10-01
Jeff Licquia
jeff at licquia.org
Wed Oct 15 06:14:45 PDT 2008
Attendees: Jeff Licquia, Russ Herrold, Stew Benedict, Ted Tso, Mats
Wichmann, Brian Proffitt, Ron Hale-Evans, Kay Tate, Robert Schweikert,
Dalibor Topic, Alexey Khoroshilov, Jiri Dluhos.
Jeff: new x86-64 box. Distributions to install on new box? Alexey:
openSuSE 11.1. Ted: may want to work with SuSE to get their SLES 11
prerelease, also Red Hat Rawhide. Mats: SLES 11 is in beta. Ted:
Fedora. Should be able to get us access to RHEL 5, asking them what
they'd like tested. General rule of thumb: Ubuntu, SLES, and RHEL,
current enterprise release, latest community distro, prereleases. Russ:
those change frequently. Ted: would like immediate feedback on changes.
Jeff: can probably get updates. Ted: ideally, all the distros would
continuously test against latest released stuff.
Jeff: old x86-64 box? Ted: stability problems? Mats: only when we ran
the Xen kernel. Russ: mirror/install archive for local subnet stuff?
Jeff: nervous about changing during the release process; do we have
issues at OSUOSL? Ted: might have power issues; might be asked to
rotate something out if we deployed something new. Could be a good
place to deploy test stuff, etc.
Spec builds. Jeff: fixed? Mats: yes. Ted: moving off proprietary
software? Jeff: bug is there, lower priority unless we run into problems.
SI. Jeff: being built. Ted: what machines is he using? Jeff: his own,
possibly the Novell box. Ted: will ping re: getting him to use our
infrastructure. Jeff: could move to the new box. Ted: also, is the
Novell machine still useful for that? Let's make sure we're using the
machines as efficiently as possible.
Russ: found some bugs in our scripts regarding missing sigs, also we're
seeing packages getting signed with the wrong keys. Providing a
passphrase via expect; should make sure we sign the right stuff with the
right keys. Can't find a statement about which keys the LSB uses. Not
confident that we can prove that LSB packages are correct and not
corrupted. Also, signing noarch packages with a key for x86-64
packages, etc. Why do we need different keys for each autobuilder?
Also, docs for which keys serve which roles. Key management is probably
bad as well. Jeff: autobuilder and release key roles separation. Russ:
keys should be signed by outside people for web-of-trust. Jeff: use one
key per release role, instead of different keys for different packages?
Russ: yes. Mats: yes. Could also consolidate the autobuilder key to
one. Russ: three keys, one for autobuilder, one for beta, one for
release. Mats: there is a master LSB key for signing other keys. It's
signed by a few people in the keyservers. Ted: how old is it? Mats:
old. Russ: fingerprint? Mats will dig up and post in IRC. Ted: should
probably build a formal proposal. Should also think about regenerating
keys every so often. Also: how should we protect non-autobuilder keys?
Russ: communication plan as to announcement of new keys, and security
adjustments. Ted: maybe not on RH scale, but do need something like
that. Russ: also, sending gpg errors to /dev/null is bad. Filed bugs.
Ted will write the key management proposal.
More information about the lsb-discuss
mailing list