LSB conf call notes for 2008-10-01

Printer-friendly versionWichmann, Brian Proffitt, Ron Hale-Evans, Kay Tate, Robert Schweikert, Dalibor Topic, Alexey Khoroshilov, Jiri Dluhos. Jeff: new x86-64 box. Distributions to install on new box? Alexey: openSuSE 11.1. Ted: may want to work with SuSE to get their SLES 11 prerelease, also Red Hat Rawhide. Mats: SLES 11 is in beta. Ted: Fedora. Should be able to get us access to RHEL 5, asking them what they'd like tested. General rule of thumb: Ubuntu, SLES, and RHEL, current enterprise release, latest community distro, prereleases. Russ: those change frequently. Ted: would like immediate feedback on changes. Jeff: can probably get updates. Ted: ideally, all the distros would continuously test against latest released stuff. Jeff: old x86-64 box? Ted: stability problems? Mats: only when we ran the Xen kernel. Russ: mirror/install archive for local subnet stuff? Jeff: nervous about changing during the release process; do we have issues at OSUOSL? Ted: might have power issues; might be asked to rotate something out if we deployed something new. Could be a good place to deploy test stuff, etc. Spec builds. Jeff: fixed? Mats: yes. Ted: moving off proprietary software? Jeff: bug is there, lower priority unless we run into problems. SI. Jeff: being built. Ted: what machines is he using? Jeff: his own, possibly the Novell box. Ted: will ping re: getting him to use our infrastructure. Jeff: could move to the new box. Ted: also, is the Novell machine still useful for that? Let's make sure we're using the machines as efficiently as possible. Russ: found some bugs in our scripts regarding missing sigs, also we're seeing packages getting signed with the wrong keys. Providing a passphrase via expect; should make sure we sign the right stuff with the right keys. Can't find a statement about which keys the LSB uses. Not confident that we can prove that LSB packages are correct and not corrupted. Also, signing noarch packages with a key for x86-64 packages, etc. Why do we need different keys for each autobuilder? Also, docs for which keys serve which roles. Key management is probably bad as well. Jeff: autobuilder and release key roles separation. Russ: keys should be signed by outside people for web-of-trust. Jeff: use one key per release role, instead of different keys for different packages? Russ: yes. Mats: yes. Could also consolidate the autobuilder key to one. Russ: three keys, one for autobuilder, one for beta, one for release. Mats: there is a master LSB key for signing other keys. It's signed by a few people in the keyservers. Ted: how old is it? Mats: old. Russ: fingerprint? Mats will dig up and post in IRC. Ted: should probably build a formal proposal. Should also think about regenerating keys every so often. Also: how should we protect non-autobuilder keys? Russ: communication plan as to announcement of new keys, and security adjustments. Ted: maybe not on RH scale, but do need something like that. Russ: also, sending gpg errors to /dev/null is bad. Filed bugs. Ted will write the key management proposal.