www-infrastructure-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: Official code signing certificate
Date Tue, 26 Mar 2013 11:49:38 GMT
J├╝rgen Schmidt wrote on Tue, Mar 26, 2013 at 10:40:57 +0100:
> On 3/25/13 11:56 PM, Daniel Shahaf wrote:
> > Well that works but it has more moving parts: the artifacts need to
> > encode the path@rev they were built from and then the build process has
> > to extract those.  Also the build process uses a new working copy so
> > it'll rebuild everything from scratch: that (a) takes longer,
> > (b) subjects you to the risk of upgraded system dependencies (libc, gcc,
> > etc.) used in the new build.
> 
> the baseline of the dedicated build machines should be maintained
> carefully. We for example build on special Linux systems to ensure that
> our binaries are worked on as many as possible Linux distros.
> 

Well I'm not sure how possible that is.  We do need to do OS upgrades
sometimes, and if sufficiently many projects use the facility we'll
almost always have one within the "built, but not built-with-cert"
window yet.

IOW I don't like the idea of projects being a blocking factor for doing
OS upgrades.  That will never work.

Can one of the buildmasters weigh in here?

> We in AOO retrieve already the svn revision during the build process and
> put this information in the about dialog for reference. And we retrieve
> "Last Changed Rev: *******" in our AOO related tree to avoid confusion.
> 

You should use svnversion output, 'Last Changed Rev' won't deal with
three different conditions that svnversion does deal with.  (_if_
svnversion output =~ /^\d+\n?$/, you can then use the 'Last Changed Rev'
if you prefer that.)

> > 
> > Can you write this all down somewhere?  A wiki page maybe, or a *.txt
> > file under (a new dir under)
> > https://svn.apache.org/repos/infra/infrastructure/trunk/projects/
> > (world-readable subtree).
> 
> everybody is free to extend additional information on the already
> started wiki page http://wiki.apache.org/general/ASFCodeSigning
> 
> I don't think we need a further one

+1

Amended request: add the agreed-upon details from this thread to that
page.

> By the way this page is not new and was proposed weeks ago to collect
> requirements and general information.  One reason why I have restarted
> the discussion in this thread.

Mime
View raw message