Re: Summary of the current state of the tag2upload discussion
Scott Kitterman <debian@kitterman.com> writes:
> On Sunday, June 23, 2024 11:43:47 AM EDT Russ Allbery wrote:
>> You are entitled to believe that my analysis is wrong. You are not
>> entitled to claim that I didn't do the work that I did, quite publicly
>> and openly, right here on this mailing list for everyone to see.
> This was not intended as a personal attack on you. I think you've been
> very diligent in your work and clearly you are trying to be careful to
> address concerns. I don't think that's true of everyone involved in
> this conversation.
So rather than attacking me, you were insinuating attacks on other people.
I'm not sure that's any better.
If you wanted to know why I have been doing most of the discussion rather
than Sean and Ian, you could just ask. There is a quite straightforward
answer:
1. I did an independent security review and most of the discussion has
focused on security and, specifically, on things that I already
considered in my review. I therefore have opinions that I thought
about for weeks before the draft GR was posted, and security is my area
of professional expertise, so it makes sense for me to address those
concerns.
2. I have a lot of patience for sprawling Debian arguments like this, and
I get some amount of personal satisfaction out of keeping them
constructive. I therefore tend to try to step in and make the
arguments in a way that I think is the most productive, often before
someone else can compose a response. I doubtless do this more than I
actually need to.
3. I'm a self-destructive idealist with poor boundary control who ends up
thinking about these discussions whether I want to or not, and since
I'm already waking up in the middle of the night drafting email
messages in my head, I may as well write them down so that I can go
back to sleep? That may be a little harsh on myself. :) But I seem
to allow Debian to destroy my vacations like clockwork every time I
take one, so why stop now.
> My impression is that there's still a communication gap between people.
> I think it's, mostly, in good faith, but it's there.
Oh, probably, but also there is a limit to how much energy one can
possibly sink into a discussion, so at some point, if the discussion is
still stuck, we have to accept that we did the best we could and couldn't
resolve them and it's time for a GR. I'm not going to rephrase things
literally forever until somehow I find the magic phrasing that works and
gets through the communication gap. There's only so much that's humanly
possible.
> As an example, I think the fact that I can download any source package
> in the archive and cryptographically verify who uploaded it and that
> it's unmodified from what was uploaded is an important property of our
> current archive structure. IIRC, you've claimed it's not. I don't
> think either of us has a very good understanding of why the other
> believes that. I think for both of us it's just too obviously true/not
> true to be easy to explain.
This is a disagreement. This is not either of us ignoring each other's
arguments. This is us failing to convince each other. That's not the
same thing at all. (And for what it's worth, I don't think it's too
obviously true to explain. Quite the contrary, I have written at least
two comprehensive explanations for exactly why I think this. But that
doesn't mean they were convincing to someone else.)
I rewrote my original message four times to try to avoid implying the
category into which the FTP team concerns fell. If I still failed, then I
sincerely apologize, but I don't think I did. Here is precisely what I
said:
| Blocking people's work beause it's actively dangerous, sure, sometimes
| we have to do that and it sucks but it may make sense. But blocking
| people's work because it didn't solve a larger problem than they wanted
| to solve, or cared more about backward compatibility than one might
| wish, or changed a security model in a way that's a little better in
| places and a little worse than others... that just feels wrong to me.
| Rude. Dismissive. And self-defeating for Debian as a whole.
There are two options here: actively dangerous, or a bucket of other
possible objections. I very carefully did not try to classify people's
objections into either of those buckets because that wasn't the point.
This (from an earlier paragraph) was the point:
| I do think we should review major changes to ensure that they don't
| create serious new problems, and we have also failed on that score in
| the past. That's part of why I invested a lot of effort in trying to
| help check that in this case. And you may disagree with my evaluation
| there. But what I would ask is to separate that from the question of
| what we ideally should do, separate it from how you would like to see
| the work done, and be very precise and clear about whether there is an
| actual, serious problem. Not just "less than ideal" or "not any better
| than what we already have" or "we could solve so many more problems with
| a more radical design."
In other words, I am arguing for a standard of review for delegate
decisions.
If the FTP team truly believes that tag2upload would create serious new
problems or is actively dangerous, then I agree that they are applying the
correct standard of review. I happen to disagree with that decision and I
think I have a lot of evidence to support my disagreement. If the
tag2upload developers choose to appeal that decision to the project as a
whole, I know which way I'm voting. But that is the correct standard of
review and hopefully we could have a GR on the merits.
If their standard of review is something else, then I am asking them to
please reconsider. Rejecting work that other people care deeply about has
a very high cost for Debian and should require correspondingly serious
justification.
> P.S. FWIW, the emotional reaction I infer you had when you read my last
> message on this topic is pretty close to the one I had when I read the
> message I was replying to.
I have lots of emotional reactions to messages on threads like this. My
emotional reaction is just a fact about me. It doesn't necessarily imply
anything about the message that provokes it. It's on me to try to figure
out where that emotion is coming from, how to deal with it in a
constructive way, and whether it is justified or driven by some other
personal reaction.
In this particular case, I believed, and still believe, that you were
implying something that I think is clearly false, and in so doing you
belittled a lot of really difficult work that I and others have been doing
in a way that I found insulting. I considered that reaction, probably not
as long as I should have, and I decided you crossed a boundary that I
wanted to enforce. I declined to edit the emotion out of my message the
way that I usually try to do because there are times when that emotional
reaction is justified and I think this is one of them. This is one of the
cases where I think the constructive approach is to make it clear that
this was an unacceptable way to have a conversation.
Since the implication was made in public and, were it true, is material to
an eventual GR, it felt correct to respond in public to rebut it.
This may have been the wrong choice. This discussion has been a bit of a
marathon and I certainly don't have the emotional reserves that I had at
the start of it.
--
Russ Allbery (rra@debian.org) <https://www.eyrie.org/~eagle/>
Reply to: