Thanks for sqv in apt
Hi.  I just wanted to say thank you to all the people who have
contributed to the fact that apt now verifies packages with Sequoia
(sqv) by default.
I know I will have missed some people, hence the CC to -devel and to
the Debian Rust team.  And thanks of course are also due to all the
upstream contributors to Sequoia and its dependencies.
This change (and Sequoia adoption more generally) will be an
improvement for many of Debian's users, and also enable other
necessary changes.  But I have a more personal reason for being
pleased right now:
This change has sped up the dgit test suite, running locally on my
laptop, from taking around 9-10 mins, to taking 5-6.  So this single
change has sped up my tests by a factor of nearly 2.  When doing
serious development[1] I like to run the test suite on every commit,
so this is a massive boon.
For those who want to know where such a terrific speedup came from:
The dgit test suite does a *lot* of simulated uploads, mostly with
little pet apt archives.  So it runs apt a lot.  And, the test suite
has multiple horrific workarounds for gnupg2's terrible startup races,
including a nightmarish contraption that completely serialises all
invocations of gnupg across all the different tests; empirically that
reduced the failure probability of the whole test suite from "at least
one test always fails" to "it might fail once or twice on a long
branch".  So not running gnupg means less serialisation and less
overhead.  I also expect it to be more reliable :-).
In Debian the benefits of improvements are often diffuse, and felt by
users a long way from the developers.  For a user it's hard to know
who to thank.  And of course change comes with bugs and sometimes with
controversy, which are less nice things to land on the maintainers'
and contributors' plates.  So I felt that when one specific change had
made such a dramatic positive impact on me, I wanted to say thanks.
I look forward to more and more adoption of gnupg alternatives in
Debian.
And thanks to everyone who helps make Debian be the capable but boring
operating system that just works, giving our users across the world a
system that serves *their* interests, and helps them get shit done.
Best wishes and a belated happy new year.
Ian.
[1] Currently, I'm doing final pre-merge tests on this 73-commit
MR which implements most of the remaining architectural changes
requested in Russ's security review of tag2upload:
  https://salsa.debian.org/dgit-team/dgit/-/merge_requests/86
I now expect these tests to complete many hours sooner.
-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.  
Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
Reply to: