www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Scott Deboy <scott.de...@gmail.com>
Subject Re: Official code signing certificate
Date Sun, 24 Jun 2012 02:03:18 GMT
I am making the assumption that Infra are generally busy folk and are
generally focused on keeping machines running and putting out fires, and
would rather not be pestered by those wanting release candidates
generated.  I can tell you from my limited personal experience in dealing
with infra folk that I would rather not be the one pestering Infra to get
anything done.

I think it's reasonable to imagine other priorities will come up which will
cause significant delays in generating signed release candidates if they
are an integral part of the release candidate generation process.

If we are able to automate the process to such an extent that they are
kicking off a build of signed release candidates from a web front end or a
shell script, it seems plausible that those same tools could be constrained
by permissions (and path restrictions if necessary) to allow those same
automation tools to be used by members of the PMCs themselves in order to
generate the signed build artifacts, allowing Infra to continue to put out
fires and not be nagged.

I personally don't know how hard it would be to get to that level of
automation, but if it's possible, that would be great.  I could jump on
#asfinfra and ask if they wouldn't mind being pinged each time a release
candidate needed to be generated, and I would be happy to make a small
wager on what the response would be.


On Sat, Jun 23, 2012 at 6:45 PM, Sam Ruby <rubys@intertwingly.net> wrote:

> On Sat, Jun 23, 2012 at 9:36 PM, Scott Deboy <scott.deboy@gmail.com>
> wrote:
> >  - I don't think Infra wants to be pulled in every time a release
> candidate
> > is requested
> There undoubtedly is a reason why you are making that assumption, but
> I can't see anything that has been said to date which would lead you
> to that conclusion.
> My experience is that build environments may take a bit of work to set
> up, but the marginal effort to produce an nth+1 build is small.
> But we are probably well past the point of diminishing returns for
> discussing this problem in the abstract.
> - Sam Ruby

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message