-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
import: bump timestamp/snapshot for some scheduling leeway #395
Comments
I've been reviewing the code for this: online-sign should just work as there is no checks that online role versions move sequentially. The "blockers" are:
That said, I think we can handle this by just rebasing the signing event PR when the signing event is ready: I think it just works. I will test this out in a test repo |
Wait, I'm actually wrong: We don't need to do anything since the signing-event does not modify online roles* even in the import signing event! So the merge to main should be clean automatically if we don't modify online roles in main... I will still test this but we should be fine (*) at some point this was not true, and I kept remembering that |
Right, playing the update through "on paper" this requirement means:
signing-event PR then merges cleanly and repo should be 100% correct even if legacy online signing happened |
the process in the last comment worked fine |
During a repository import there is a scheduling annoyance where the "legacy" repository may still bump timestamp/snapshot while the initial signing event is being constructed. This seems like it sets a tight limit to the initial signing event...
There is a simple solution to this since timestamp/snapshot versions do not have to be sequential (they only have to be increasing): We can just make a significant bump to snapshot and timestamp versions during the import . This ensures a few "legacy updates" won't make the signing event invalid.
The text was updated successfully, but these errors were encountered: