Re: [RFC] General Resolution to deploy tag2upload
On June 16, 2024 4:38:03 AM UTC, Sean Whitton <spwhitton@spwhitton.name> wrote:
>Hello,
>
>On Fri 14 Jun 2024 at 06:06pm GMT, Scott Kitterman wrote:
>
>>
>> I'm a bit confused by the claim that no infrastructure changes are needed for
>> this to go forward.
>>
>> If I have been following the proposal correctly, source packages will be
>> signed by tag2upload and not the uploader. Doesn't that mean changes are
>> going to be needed so that we know in the archive who uploaded the package?
>>
>
>Ah, do you mean how tracker.d.o shows (signed by: foo@bar.org) for a
>sponsored upload?
>
That's one place it shows up.
Today I can download any source package in the archive and verify who uploaded the package and is responsible for its contents. It doesn't matter if I download it from the main archive or a mirror. Personally, I think that's an important characteristic of our package archive, which is lost by tag2upload.
Scott K