[csw-maintainers] The release process: a write-up
Philip Brown
phil at bolthole.com
Mon Jan 19 00:52:07 CET 2009
On Sun, Jan 18, 2009 at 11:36:23PM +0100, Trygve Laugstøl wrote:
> ...
> Phil: would you mind noting down an overview of how the process is? If
> it already is noted down, I'm sure Peter can point out what he feel that
> is missing and then those points can be fixed.
Reguarding the release process: there's really very little to it that isnt
already documented.
Here's a description for you right now. again. I seem to recall I wrote
this up for the maintainers list, but it's easier for me to write it here
again than seach for it. But I'll change the subject line so it's easier to
search in the future.
Once a package is put in newpkgs by the maintainer, I look it over to see
if there's any "gotchas" to it, and run checkpkg on it.
If everything looks good, then I run a silly little "registerpkg" script
to add it to a trivial mysql table. I also add an area to mantis for it if
there isnt one already.
This script is sitting easily accessible to Ihsan in my home directory on
www.opencsw.org
Beyond that, I run a catalog update script and sign it.
Peter is already INTIMATELY familiar with this step, since he decided to
write his own utility to do exactly the same thing for blastwave.
Then, its a simple matter of "rsync to our master site, and we're done".
......
There's no "big hidden mystery". Its all pretty obvious. As I noted above,
Peter is already very familar with one of the more complicated bits, since
he replicated it himself for blastwave, after the split!!
So his big complaints about "I dont understand what's going on" seem rather
disengenuous to me.
Peter wrote in his own email,
> There's really no defence to your single of point of failure strategy.
There is no single point of failure through me; this has been addressed
already. If I got run over by a bus tomorrow, opencsw could continue to
release packages, without any noticable impact to users. No need to change
keys, everything would look the same to them:
James has the signing key; Ihsan and Dago have access to the databases, and
the "registerpkg" script, which is just sitting there in my directory on
www.
Peter knows this already. It seems like this fuss is really all about
him not liking to get MY approval for HIS packages, and he wants to go
through someone else, or better yet, not have to go through anyone
to double-check his work.
He keeps claiming it's about "single point of failure", but as I have
pointed out, on here, and at the in-person meeting,
That Has Been Handled Already. And everyone at the meeting agreed,
so we moved on. Doesnt that match your recollection, Trygve?
More information about the maintainers
mailing list