What would you recommend: ansible is in EPEL8 and ConfigSIG. For the latter I do not see any sources in git.centos.org. Where they come from? I wonder with which repository I should use (long term)? dnf not checking gpg signature sounds scary: https://github.com/ansible/ansible/blob/v2.9.13/changelogs/CHANGELOG-v2.9.rst#security-fixes -- Leon
On 03/09/2020 20:51, Leon Fauster via CentOS wrote:> > What would you recommend: ansible is in EPEL8 and ConfigSIG. > For the latter I do not see any sources in git.centos.org. > Where they come from? > > I wonder with which repository I should use (long term)? > > dnf not checking gpg signature sounds scary: > > https://github.com/ansible/ansible/blob/v2.9.13/changelogs/CHANGELOG-v2.9.rst#security-fixes > >Hi Leon, For ConfigManagement SIG, I use directly upstream src.rpm (available on https://releases.ansible.com/ansible/). and 2.9.13 was rebuilt directly on the day it was announced (https://cbs.centos.org/koji/buildinfo?buildID=30563 and https://cbs.centos.org/koji/buildinfo?buildID=30564) , quick sanity test and then signed/pushed out to mirror.centos.org (and so external mirrors too, as usual) With the upcoming changes for 2.10 and Ansible deciding to not provide pkgs anymore, I guess I'll rebase on good work done by Kevin (ansible pkg maintainer in Fedora/Epel) but probably trying to track various branches (like we do for 2.7/2.8/2.9 for people deciding to stay on a branch/version as long as it's supported upstream) See blog post about the switch: https://anonbadger.wordpress.com/2020/08/25/why-upstream-ansible-stopped-shipping-rpms/ -- Fabian Arrotin The CentOS Project | https://www.centos.org gpg key: 17F3B7A1 | twitter: @arrfab -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20200906/92718fc5/attachment-0002.sig>
Am 06.09.20 um 12:22 schrieb Fabian Arrotin:> On 03/09/2020 20:51, Leon Fauster via CentOS wrote: >> >> What would you recommend: ansible is in EPEL8 and ConfigSIG. >> For the latter I do not see any sources in git.centos.org. >> Where they come from? >> >> I wonder with which repository I should use (long term)? >> >> dnf not checking gpg signature sounds scary: >> >> https://github.com/ansible/ansible/blob/v2.9.13/changelogs/CHANGELOG-v2.9.rst#security-fixes >> >> > > Hi Leon, > > For ConfigManagement SIG, I use directly upstream src.rpm (available on > https://releases.ansible.com/ansible/). and 2.9.13 was rebuilt directly > on the day it was announced > (https://cbs.centos.org/koji/buildinfo?buildID=30563 and > https://cbs.centos.org/koji/buildinfo?buildID=30564) , quick sanity test > and then signed/pushed out to mirror.centos.org (and so external mirrors > too, as usual) > > With the upcoming changes for 2.10 and Ansible deciding to not provide > pkgs anymore, I guess I'll rebase on good work done by Kevin (ansible > pkg maintainer in Fedora/Epel) but probably trying to track various > branches (like we do for 2.7/2.8/2.9 for people deciding to stay on a > branch/version as long as it's supported upstream) > > See blog post about the switch: > https://anonbadger.wordpress.com/2020/08/25/why-upstream-ansible-stopped-shipping-rpms/Hi Fabian, thanks for the input. Yeah, Kevin catched up and epel-testing has the current version now. I was not aware of the mentioned ansible plans but until its related for the common admin the 2.9-branch has still maintenance support [*]. But this splitting makes packaging harder now. Anyway, the big picture is clearer now. Thanks. -- Leon [*] https://docs.ansible.com/ansible/devel/reference_appendices/release_and_maintenance.html