kbabioch

In the past I've worked on a set of scripts to identify potential for improvement of the supply chain within our build service. For now RPM files can be scanned for unused signature files that are available upstream and look for potentially unused https:// links, although they are available.

There is a tool called caff, which is the de-facto standard when dealing with keysigning (on a large scale, e.g. after a key signing party). This tool hasn't been touch in years, is written and configured in Perl (hence cannot be read and/or maintained :smile:) and is not easy to package, because of a lot of dependencies, etc. It is not even available in our default repositories (at least for Tumbleweed). In general there seems to be a certain kind of frustration with this software, but there is no real alternative available yet.

I'm currently using urlwatch to watch for new releases in upstream projects. It monitors the output of a URL and notifies you about any changes. This works fine for URLs, but there is currently no official support for GitHub. Due to the nature of the GitHub webpages, there is a some change each time you access the page and it is difficult to come up with the right set of filters.

Since I'm a little bit of a drone-a-matic myself, and I enjoy flying around with drones, I propose to fly around/above the SUSE building, record some footage, and make a cool promo video out of it.