Re: tag2upload service architecture and risk assessment - draft v2

To: debian-devel@lists.debian.org
Subject: Re: tag2upload service architecture and risk assessment - draft v2
From: Russ Allbery <rra@debian.org>
Date: Tue, 27 Aug 2019 17:04:06 -0700
Message-id: <[🔎] 87r256xiix.fsf@hope.eyrie.org>
In-reply-to: <[🔎] 3434823.CiSL2mD1TX@l5580> (Scott Kitterman's message of "Tue, 27 Aug 2019 19:47:18 -0400")
References: <[🔎] 23900.11950.21756.780115@chiark.greenend.org.uk> <[🔎] 23909.24490.724219.512423@chiark.greenend.org.uk> <[🔎] 23909.26130.546529.438293@chiark.greenend.org.uk> <[🔎] 3434823.CiSL2mD1TX@l5580>

Scott Kitterman <debian@kitterman.com> writes:

> As an example, I recall concerns about there not being an uploader
> signature on the source anymore, so we would lose the ability to verify
> from the archive who was responsible for the upload.

Does anyone do this?  Does it work today?

I'm dubious that you would be able to successfully verify all of the
archive from *.dsc signatures now.  Maybe you would be able to verify the
pieces that are the most important to you, though?

I think this requirement is a bit incomplete, in that I don't understand
the use case that would lead you to want to do this.  It's more of a
description of an implementation strategy than a use case, which makes it
hard to find other ways of accomplishing the same use case.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: tag2upload service architecture and risk assessment - draft v2
  - From: Scott Kitterman <debian@kitterman.com>
- Re: tag2upload service architecture and risk assessment - draft v2
  - From: Tobias Frost <tobi@debian.org>
- Re: tag2upload service architecture and risk assessment - draft v2
  - From: Bastian Blank <waldi@debian.org>

References:
- tag2upload service architecture and risk assessment - draft v2
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: tag2upload service architecture and risk assessment - draft v2
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: tag2upload service architecture and risk assessment - draft v2
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: tag2upload service architecture and risk assessment - draft v2
  - From: Scott Kitterman <debian@kitterman.com>

Prev by Date: Re: tag2upload service architecture and risk assessment - draft v2
Next by Date: Re: tag2upload service architecture and risk assessment - draft v2
Previous by thread: Re: tag2upload service architecture and risk assessment - draft v2
Next by thread: Re: tag2upload service architecture and risk assessment - draft v2
Index(es):
- Date
- Thread