Ticket #4906 (closed task: wontfix)

Opened 3 years ago

Last modified 2 years ago

some form of QA access to torrent and mirror content prior to public posting

Reported by: robatino Owned by: rel-eng@…
Milestone: Component: koji
Keywords: Cc:
Blocked By: Blocking:

Description

In the last several releases, there has been a high probability that at least some of the Alpha and Beta torrents will have only unsigned checksum files (see https://fedorahosted.org/fedora-qa/ticket/237 ). No matter how quickly the problem is noticed, one is always told that it can't be fixed after public posting, since people are already downloading. Unfortunately, QA has no access prior to public posting to prevent it. There are documentation issues in releng's SOP pages that probably aggravate this problem (see the other ticket), but even if these are fixed, QA should still have a chance to check the content before it's public. A lesser problem is if the checksum files are signed more than once and different files are used on the torrents vs. mirrors (as in F15 Final). I realize there are possible secrecy issues regarding access to the signed files prior to the official release, but the mirrors are given access days in advance, and they almost always leak. QA might be able to set up some kind of AutoQA checking to minimize the amount of human access. In any case, QA could at least be given access to the .torrent files, to check the size of the checksum files. Signing adds about 1K to the size, so it would be possible to detect if the unsigned file was used. Having access to the actual signed file would be nicer, if possible, since the test could be both simpler and more reliable (verifying the signature itself).

Change History

comment:1 Changed 3 years ago by robatino

  • Milestone Fedora 16 Beta deleted

comment:2 Changed 3 years ago by ausil

  • Resolution set to invalid
  • Status changed from new to closed

the .torrent files go live within a few minutes of their generation. they have always been there and available download before release

comment:3 Changed 3 years ago by robatino

  • Resolution invalid deleted
  • Status changed from closed to reopened

That doesn't make any sense - can you explain the technical details of how the .torrent files are generated that currently make it impossible to provide QA access in advance? Whatever they are, it's possible to change them.

comment:4 Changed 3 years ago by robatino

Also, it doesn't necessarily have to be the .torrent files - access to the actual contents of the torrent prior to generating it would also work (and be preferable, as noted above, since the signature could be checked).

comment:5 Changed 3 years ago by ausil

  • Resolution set to invalid
  • Status changed from reopened to closed

im saying the .torrent files already are available and always have been.

comment:6 Changed 3 years ago by robatino

  • Resolution invalid deleted
  • Status changed from closed to reopened

Are you saying, then, that it is in fact possible to get incorrect .torrent files changed after being posted? I've always been told this is impossible (and that impossibility is the main motivation for this ticket).

comment:7 follow-up: ↓ 8 Changed 2 years ago by adamwill

We are still waiting on this ticket in regards to QA ticket https://fedorahosted.org/fedora-qa/ticket/237 . Any news? Thanks.

comment:8 in reply to: ↑ 7 Changed 2 years ago by robatino

Replying to adamwill:

We are still waiting on this ticket in regards to QA ticket https://fedorahosted.org/fedora-qa/ticket/237 . Any news? Thanks.

See https://fedorahosted.org/fedora-qa/ticket/237#comment:9 - it needs to be clarified whether it's possible to change .torrent files after they are posted. (Up to now, everyone has told me that no, it's not, though I don't see why.)

comment:9 Changed 2 years ago by ausil

  • Resolution set to wontfix
  • Status changed from reopened to closed
Note: See TracTickets for help on using tickets.