Hello everybody,
recently, the 5000th PR [1] of the ComplianceAsCode project landed, proposing the Packit CI support. Packit uses the Fedora spec file [2], i.e. source of the RPM package, in the test process.
The discussion in that PR centered around handling of the spec file - it now became possible to have it in the repository, syncing it with the Fedora server, or Packit would pull it from the Fedora repository whenever it is needed. Both ways have their pros and cons, and as you can read in [1], some members of the community raised concerns that the current way of how the spec file is handled encumbers the community.
So if this is also your case, please let us know how having the spec file upstream would change the situation for you. For the sake of completeness, nowadays we update the package every time we make an upstream release, and we issue a build and respective update right after.
References:
[1]: https://github.com/ComplianceAsCode/content/pull/5000
[2]: https://src.fedoraproject.org/rpms/scap-security-guide/blob/master/f/scap-se...
On 11/28/19 8:18 AM, Matěj Týč wrote:
> Hello everybody,
> recently, the 5000th PR [1] of the ComplianceAsCode project landed, proposing the Packit CI support. Packit uses the Fedora spec file [2], i.e. source of the RPM package, in the test process.
> The discussion in that PR centered around handling of the spec file - it now became possible to have it in the repository, syncing it with the Fedora server, or Packit would pull it from the Fedora repository whenever it is needed. Both ways have their pros and cons, and as you can read in [1], some members of the community raised concerns that the current way of how the spec file is handled encumbers the community.
> So if this is also your case, please let us know how having the spec file upstream would change the situation for you. For the sake of completeness, nowadays we update the package every time we make an upstream release, and we issue a build and respective update right after.
> References:
Does the conversation need to go beyond "default to open"?
https://www.redhat.com/en/about/videos/default-open-story-open-source-and-re...
Hi,
It doesn't go beyond "default to open". Fedora repositories are publicly available and the Fedora spec file is open source.
The question is which location of the spec file is more convenient for both Red Hat and the community.
Best regards
On Wed, Dec 4, 2019 at 7:02 PM Shawn Wells shawn@redhat.com wrote:
> On 11/28/19 8:18 AM, Matěj Týč wrote:
>> Hello everybody,
>> recently, the 5000th PR [1] of the ComplianceAsCode project landed, proposing the Packit CI support. Packit uses the Fedora spec file [2], i.e. source of the RPM package, in the test process.
>> The discussion in that PR centered around handling of the spec file - it now became possible to have it in the repository, syncing it with the Fedora server, or Packit would pull it from the Fedora repository whenever it is needed. Both ways have their pros and cons, and as you can read in [1], some members of the community raised concerns that the current way of how the spec file is handled encumbers the community.
>> So if this is also your case, please let us know how having the spec file upstream would change the situation for you. For the sake of completeness, nowadays we update the package every time we make an upstream release, and we issue a build and respective update right after.
>> References:
> Does the conversation need to go beyond "default to open"?
> https://www.redhat.com/en/about/videos/default-open-story-open-source-and-re...
> --
> Shawn Wells
> Chief Security Strategist
> North America Public Sector
> shawn@redhat.com | 443-534-0130
-- Jan Černý Security Technologies | Red Hat, Inc.
On 04. 12. 19 19:01, Shawn Wells wrote:
> On 11/28/19 8:18 AM, Matěj Týč wrote:
>> Hello everybody,
>> recently, the 5000th PR [1] of the ComplianceAsCode project landed, proposing the Packit CI support. Packit uses the Fedora spec file [2], i.e. source of the RPM package, in the test process. ...
> Does the conversation need to go beyond "default to open"?
> https://www.redhat.com/en/about/videos/default-open-story-open-source-and-re...
Here is a small update of what Packit can / can't do as of January 2020:
* The spec file synchronization would only apply to rawhide spec files, which is not what general public comes in touch with.
* Packit CI doesn't work with spec files that reference other files from dist-git, s.a. patches.
In other words, the current purpose of Packit CI is verification whether a package can be built on Fedora, and there is a risk of false positives - different Fedora versions may require different spec files in order to build, which Packit can't handle ATM.
I see no benefit in exposing the Rawhide spec file in the upstream project, and I am against exposing it for modification to people who may not have gotten familiar with Fedora packaging guidelines and who themselves can't propose Fedora updates.