Re: [RFC] General Resolution to deploy tag2upload

To: debian-vote@lists.debian.org
Subject: Re: [RFC] General Resolution to deploy tag2upload
From: Simon Richter <sjr@debian.org>
Date: Wed, 19 Jun 2024 16:51:04 +0900
Message-id: <[🔎] e3e5cfd4-b8bb-4972-9071-2e129a25af12@debian.org>
In-reply-to: <[🔎] CABpYwDVkLX0jX_7hcoQN3h+SbmkLtsJTpcD80vZCaBpBeK41TQ@mail.gmail.com>
References: <[🔎] 87wmmvrubl.fsf@melete.silentflame.com> <[🔎] CABpYwDUDe44cnr2i_vaQB_C_vm2TbNrCYw3n+mjhiW-HTAZrQg@mail.gmail.com> <[🔎] 02c87cb9-3a4e-4d91-a0f1-8639df085053@debian.org> <[🔎] 3134508.jXOKZmF5Vs@soren-desktop> <[🔎] CABpYwDVkLX0jX_7hcoQN3h+SbmkLtsJTpcD80vZCaBpBeK41TQ@mail.gmail.com>

Hi,

On 6/19/24 00:57, Aigars Mahinovs wrote:

This is *exactly* the same situation as we already have with
source-only uploads. There is a
state of the software upload that the developer signs off on and then
there are further technical
build artifacts that the developer does *not* sign - they are signed
by the technical systems that
generated those artifacts. And those systems are centrally maintained
for scalability, convenience
and security.

I agree with that, but it effectively changes what we consider a "sourcepackage", and that comes with all the baggage of archival:

- we need to store the actual contents in the archive, not just areference to an online service, or the online service becomes part ofthe archive.- we need to distribute that on CDs and mirrors (which both have sizeconstraints)

 - we need to keep and archive also the tools required for processing
 - we still need to be able to comply with removal requests
 - we need to be able to deal with "epochs" in package development

For example, the "clinfo" packages that were shipped in jessie and instretch and following are completely unrelated, they just have similarenough output that one could be used as a replacement for the other.

If those had been git-maintained packages, how would those have beenarchived? Is the dgit package namespace separate from Debian sourcepackage names?


Building the conversion service is the easy part of the problem.

   Simon

Reply to:

Follow-Ups:
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Aigars Mahinovs <aigarius@debian.org>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Matthias Urlichs <matthias@urlichs.de>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

References:
- [RFC] General Resolution to deploy tag2upload
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Aigars Mahinovs <aigarius@debian.org>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Thomas Goirand <zigo@debian.org>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Soren Stoutner <soren@debian.org>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Aigars Mahinovs <aigarius@gmail.com>

Prev by Date: Re: [RFC] General Resolution to deploy tag2upload
Next by Date: Re: [RFC] General Resolution to deploy tag2upload
Previous by thread: Re: [RFC] General Resolution to deploy tag2upload
Next by thread: Re: [RFC] General Resolution to deploy tag2upload
Index(es):
- Date
- Thread