On 13/12/2007, Todd Zullinger wrote: > Michael, > > Many thanks to you for correcting my inaccuracies and offering your > experience and insights. Your work on keeping Cor + Extras repos in a > sane state is greatly appreciated. I'm not involved in anything related to the Core repos. Only Extras. > Aren't the repos now created fresh each time and thus require the > whole multilib compose (which is slow, as far as I have read/heard)? Yes, if "mash" is used, which asks koji for the full list of packages with a given tag. > If not, are there good reasons why it's not done? I know things have > changed greatly with the introduction of the new build tools. Do you > happen to know if that's the main reason that repoclosure isn't run > before each push now? It's unimplemented afaik. AIUI, the pkg signatures are stored in koji already, and bodhi only adjusts the tags, e.g. when a package is moved from updates-candidates to updates. Once mash has built an up-to-date set of updates repos, repoclosure could be run as a last check, and that alone would not take much time. The problem I see is that it's an all-or-nothing operation when the compose takes so long and important security fixes are included. If broken deps are found, it would be necessary to determine and untag the bad packages and very likely redo the full compose to remove them -- if there are no tools that can modify the temporary repos differently. And then run repoclosure again, as the removed packages may be dependencies of other packages which would be published. It's a scenario that asks for a more mighty implementation.
