Re: [RFC] General Resolution to deploy tag2upload

To: Russ Allbery <rra@debian.org>, Joerg Jaspert <joerg@debian.org>
Cc: Sean Whitton <spwhitton@spwhitton.name>, debian-vote@lists.debian.org, Helmut Grohne <helmut@subdivi.de>, debian-ctte@lists.debian.org
Subject: Re: [RFC] General Resolution to deploy tag2upload
From: Ansgar 🙀 <ansgar@43-1.org>
Date: Wed, 19 Jun 2024 10:09:13 +0200
Message-id: <[🔎] d8c11c675f7859e200d26af1423f67f1649e8439.camel@43-1.org>
In-reply-to: <295a85812e7168290bcdab5af5bacc2acc98c9ed.camel@43-1.org>
References: <87wmmvrubl.fsf@melete.silentflame.com> <87ed8ymbvx.fsf@ganneff.de> <87msnmxcdx.fsf@hope.eyrie.org> <87zfrklf2z.fsf@ganneff.de> <87frtbv1ng.fsf@hope.eyrie.org> <87jzimkk2g.fsf@ganneff.de> <87ed8teuz3.fsf@hope.eyrie.org> <295a85812e7168290bcdab5af5bacc2acc98c9ed.camel@43-1.org>

Hi,

On Wed, 2024-06-19 at 08:26 +0200, Ansgar 🙀 wrote:
> > My understanding of the tag2upload developer position is that this
> > requirement prohibits the goal of tag2upload.  People who want to
> > build the source package locally can already use the same algorithm
> > today; that's what dgit is.  The whole point of the tag2upload
> > project is to remove the requirement that the package uploader
> > install dgit or equivalent software locally and build the source
> > package locally. This FTP team requirement therefore makes it
> > impossible for tag2upload to proceed; any system that would have the
> > required property would fail to accomplish the core goal of the
> > tag2upload project.  Therefore, this delegate decision is blocking
> > the deployment of tag2upload.
> 
> The code the tag2upload developers wrote is perfectly able to do that:
> git-debpush, the tag2upload client by the tag2upload developers,
> doesn't require dgit nor building the source package, and documented in
> the initial mail about the GR to be used by people. It already looks at
> patched and unpatched source trees (and checks that patches applies)
> and compares them with the tree in Git.
> 
> It could easily compute an integrity hash as well.
> 
> Or is git-debpush itself incompatible with the goals of tag2upload?
> What would a client-side compatible with the goals then look like?
> 
> Will such a client be available before the GR?
> 
> I hope the tag2upload developers requirements will not make it
> impossible to proceed and they will not continue to block the
> deployment of tag2upload.

And thinking about this a bit more: we have an existing resolution
mechanism for this blocker. The technical committee could overrule the
git-debpush maintainers to include such a hash.

This would unblock deployment of tag2upload for Debian, including the
continued use of integrity verification by the archive (in its current
scope limited to mostly dak).

Ansgar

Reply to:

Prev by Date: Next meeting -- today, 8am UTC
Next by Date: Last CTTE meeting
Previous by thread: Next meeting -- today, 8am UTC
Next by thread: Last CTTE meeting
Index(es):
- Date
- Thread