Urgent Updates Policy
From time to time urgent updates come along that we would like to push to our users as fast as possible. These include urgent security fixes or updates that fix criticial fuctionality (like the ability to get more updates). We will have a side repo called 'urgent-updates' that contains these fixes for a short time. Packages added to this repo are signed and added, then removed a week after the regular updates are pushed to stable.
- MUST be a urgent security or bugfix update (proposed by SRT?)
- MUST have a regular bodhi update submitted.
- MUST file a releng ticket and indicate that this update should be added to the urgent-updates repo
This is a list of things we need to do to make this policy work:
- Add an 'Fedora urgent' type to bodhi2 that is like 'Fedora' and 'Fedora EPEL'
- 'Fedora urgent' has the same active branches as 'Fedora'
- Bodhi mashing config for 'Fedora urgent' sets:
- No drpms
- mashes/outputs to a staging repo we can test with before syncing.
- Need to add tags, that are locked. releng can tag update(s) into fN-urgent-candidate to allow the maintainer to submit to bodhi (or can themselves).
- Need to add fedora-N-urgent repo in with just a direct link to master mirrors.
- sync script that can be manually run.
- empty repo to point fedora-N-urgent to when no updates in it.
- update/fix is commited and built.
- maintainer submits bodhi updates as normal
- maintainer (or interested folks) submit releng ticket asking for urgent update addition.
- build(s) are tagged into tags, signed and bodhi updates push run. (should be fast, small repo, no drpms)
- releng asks qa to test urgent repo in staging area. (needs human intervention/testing)
- sync to master mirrors. (just a few minutes)
- after update is in stable for 1 week, untag from urgent tags, re-run bodhi push