(not to grandstand, but in the spirit of being honest and speaking my truth -- I personally (without any hats on) I'm interested in the end-goals -- this effort seems like a good thing to help move the project forward, reduce toil and secure the archive. This specific project was done in such a way that I want to avoid this tag2upload thing as much as I can. I don't think my time and thoughts would be respected, given the lack of communication and interest in collaboration. This isn't a great start to a project -- 5 years of radio silence and stories re-told within a team about others, and a GR threat dropped on a team that's the repeated subject of project ire rather than in interest in talking directly isn't fun -- I know i'm being a bit harsh here but it's not pleasant to see this come out, even I agree with the end goals)
It sure seems like there's a foundational disagreement that needs to be overcome before we mash through a specific implementation given mismatched constraints -- which is, "what does source mean to Debian".
I wonder if we have a good idea of what the project believes to be the case between #1 and #2:
1) Is the source of a package the debian source distribution?
2) Is the source of a package the VCS where the source is held?
Or, to extend it once more in the context of this discussion -- should the source be built by a buildd from the "true" source? Why do we bother having a maintainer sign this intermediate artifact, like we used to with debs?
Even more extremely -- should we bother with dscs anymore if they're just an intermediate artifact?
Most extremely -- do we need a new dpkg source format? Should buildds build off git tags? Do we need to overhaul how we treat sources?
Galaxy brain extremely -- what does GPL compliance mean if the dsc is not the true source? (ok this one isn't serious, there's no doubt it's corresponding source :) )