On 10/26/2016 01:45 PM, Neal Gompa wrote:
For Fedora, I would suggest to replicate the separate security archive with its push mirrors. The way the Fedora updates repository is updated seems to cause far more delays than what is lost due to build delays (the only part the embargoed builders could improve).
There's no point to this, since our updateinfo metadata includes the classifications,
This doesn't help if the data is published only once per day.
and the Debian/Ubuntu approach means that the same package needs to be pushed to both the security repository and the regular updates one. This is not great for keeping things sane for mirrors.
Of course, the end user systems would have the security repository enabled, so timely pushes to the updates repository are not needed anymore to make updates available.
It should be possible to emulate this setup with a COPR repository even today.
However, extending Koji to support "hidden builds" is certainly a good idea.
Trust me, it's not. Embargoes are against the spirit of Fedora, and a general hassle for everyone involved. Deploying a lot of infrastructure for the one or two cases per year where it comes in handy does not make sense.
Florian