Re: Cryptic messages from installers
On 18 Apr 2001, James Troup wrote:
> Santiago Vila <sanvila@unex.es> writes:
>
> > The real problem is that the upload queue notifies the person in the
> > Maintainer field, not the person who gpg-signed the upload...
> >
> > Would be very difficult for katie to parse the gpg signature to see
> > who should be notified?
>
> katie != upload queue. But in any event doing this would be horribly
> broken; mail should be sent to the relevant address given, not by
> making broken assumptions based on random things like the signature on
> the file.
"A gpg signature is a random thing" --Debian gnupg maintainer.
Great quote! :-)
You must be joking. A gpg signature represents the person responsible
for a given upload. You can make a mistake if you forgot to pass -m to
buildpackage, but you can't gpg-sign with the private key of another
developer. If there is something "random" here is the Maintainer
field, not the gpg signature.
> For a real world example: buildd uploads are signed by real
> maintainers but they do _not_ want either the upload queue or katie to
> mail them about the uploads; that mail needs to go to the Maintainer:
> field, i.e. the buildd so it can be processed.
This is just a mail filtering problem. A maintainer running a buildd
should be allowed to have several different gpg signatures, one for
his own packages, another one for the ported packages under his
responsability, so that both katie and upload queues mail
notifications to different addresses.
Reply to: