[WBEL-users] Rsync Updates Organizing

Ben Mohilef benm@dsl-only.net
Fri, 19 Nov 2004 18:32:32 -0800


On 19 Nov 2004 at 14:59, David Mir wrote:

> So do you know what the current "extensive package testing system"
> yes? If so please state it. I mean this and am not trying to be mean
> or anything just want to know so if some people decide to start
> updating themselves they can use a similar system.
> 

Here is a scenario for a minimum testing system. I'm sure that 
others can add to this scenario.

Several builders must produce the same md5sum on each of those 
RH updates which do not require alteration. 

On Whitebox specific updates [in which the RH logos need to be 
removed] one person needs to alter the code and several others 
need to unpack his/her work and make sure that something awry 
did not happen to the code (lots of "diff" work). Then the object rpm
has to be built by several others and the md5sums checked for
agreement as above.

That cumbersome procedure provides a minimum level of
protection from one or two malware-writer types "contributing"
undesirable results to the project.

This scenario doesn't look too hard until someone tries to 
implement it. Someone has to be in charge of this adventure and 
maintain communication flow and organization. Otherwise it will 
deteriorate into a game of disorganized grabass.

That person should be aware that he/she won't be very popular if
anything goes wrong. Takes good project management skills, a 
very thick skin and an adequate amount of free time. 

I'm also not trying to be mean either, but I am somewhat afraid of a
security problem with a group effort. I'd rather roll my own or get
the occasional difficult rpm (essentially openoffice) from CentOS. 
We rolled our own on almost all of the September updates on a 
spare box (which had a clean fully updated install and is not directly 
connected to the internet) and installed them a couple of days after 
RedHat released the src rpms on their ftp site. It took minimal effort 
once we loaded all the relevant -devel rpms into that box. 

I am hoping that John Morris finds the time and inclination to 
resume the updates, which would resolve this entire issue for all of
us. 

regards,

ben
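
The md5sum agreement step described in the message above, as an added example that is not part of the original post or of any Whitebox tooling: each builder submits the output of `md5sum` over the rpms they built, and a package passes only when enough builders report it and every reported digest is identical. The builder names, package names, digests and the three-builder threshold are constructed assumptions, and the check presumes an honest rebuild is byte-identical across builders, as the post requires.

```python
import re
from collections import defaultdict

# One line of `md5sum` output: 32 hex digits, a space, ' ' or '*', then the file name.
LINE_RE = re.compile(r"^([0-9a-fA-F]{32}) [ *](.+)$")

def parse_manifest(text):
    """Parse one builder's `md5sum *.rpm` output into {filename: digest}."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: not md5sum output: {line!r}")
        digest, name = m.group(1).lower(), m.group(2)
        if entries.setdefault(name, digest) != digest:
            raise ValueError(f"line {lineno}: two digests for {name}")
    return entries

def check_agreement(manifests, min_builders=3):
    """manifests maps builder -> manifest text; returns {package: (status, detail)}."""
    reports = defaultdict(dict)              # package -> {builder: digest}
    for builder, text in manifests.items():
        for name, digest in parse_manifest(text).items():
            reports[name][builder] = digest
    verdict = {}
    for name, by_builder in sorted(reports.items()):
        digests = set(by_builder.values())
        if len(digests) > 1:                 # any disagreement blocks the package
            verdict[name] = ("MISMATCH", dict(by_builder))
        elif len(by_builder) < min_builders: # agreement, but not enough builders yet
            verdict[name] = ("TOO_FEW", sorted(by_builder))
        else:
            verdict[name] = ("AGREED", digests.pop())
    return verdict

# Constructed sample data: placeholder digests, hypothetical builders and packages.
D1, D2, D3, D4 = ("1" * 32, "2" * 32, "3" * 32, "4" * 32)
SAMPLE = {
    "builder-a": f"{D1}  foo-1.0-1.i386.rpm\n{D2}  bar-2.1-3.i386.rpm\n{D4}  baz-0.9-2.i386.rpm\n",
    "builder-b": f"{D1}  foo-1.0-1.i386.rpm\n{D2}  bar-2.1-3.i386.rpm\n{D4}  baz-0.9-2.i386.rpm\n",
    "builder-c": f"{D1}  foo-1.0-1.i386.rpm\n{D3}  bar-2.1-3.i386.rpm\n",
}

if __name__ == "__main__":
    for pkg, (status, detail) in check_agreement(SAMPLE).items():
        print(f"{status:8} {pkg}: {detail}")
```

A MISMATCH entry lists which builder reported which digest, so the coordinator can see who disagrees before anyone unpacks and diffs the package.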