[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security review of tag2upload


On June 17, 2024 5:29:02 AM UTC, Russ Allbery <rra@debian.org> wrote:
>Scott Kitterman <debian@kitterman.com> writes:
>
>> I don't equate responsibility and blame.  If I'm responsible for
>> something and it blows up, then that means I'm responsible to help clean
>> up the mess, regardless of if the thing that went wrong is my fault or
>> not.
>
>How is that type of responsibility not correctly represented by
>tag2upload?  tag2upload is taking responsibility for construction of the
>source package from a Git tree.  If that blows up, it's the responsibility
>of the tag2upload maintainers to help clean up the mess.  The maintainer
>is declaring responsibility for the Git tree that they signed.  If that
>blows up, it's their responsibility to help clean up the mess.
>
I meant it more as a general point about responsibility versus blame in response to your point about a culture of blameless post-incident autopsies.

Given the 5 year latency on this discussion, I'm not particularly convinced that's true, but I wasn't really trying to tie this into the broader discussion.

Scott K
Reply to: