Re: Call for volunteers and GR draft: tag2upload key installation

To: Jonathan Carter <jcc@debian.org>
Cc: debian-vote@lists.debian.org, Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Subject: Re: Call for volunteers and GR draft: tag2upload key installation
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Fri, 4 Apr 2025 12:05:01 +0100
Message-id: <[🔎] 26607.48349.230959.90218@chiark.greenend.org.uk>
In-reply-to: <[🔎] c9af68bb-2596-42a0-889e-9e9afbc8edd4@debian.org>
References: <[🔎] 26607.41378.283822.404146@chiark.greenend.org.uk> <[🔎] c9af68bb-2596-42a0-889e-9e9afbc8edd4@debian.org>

Jonathan Carter writes ("Re: Call for volunteers and GR draft: tag2upload key installation"):
> On 2025/04/04 11:08, Ian Jackson wrote:
> > ftpmaster don't want to see tag2upload in use, and so they are
> > choosing not to respond to our requests to install the key.
> > Therefore, we need to temporarily delegate someone else to do it.
> 
> Wait, what? I thought that things were going well and that ftpmaster 
> supported the project and that things were mostly falling in place? 

No.

What happened was that ftpmaaster stalled the project for 4 years with
unreasonable objections dressed up as "security" concerns.  I had
given up on it, but Sean was very keen.

Sean (who of course was an FTP Assistant and was privy to internal
ftpmaster communications which were hostile to tag2upload - see his
mail to -private) decided that the only way to unblock it was to
overrule ftpmaster with a GR. [0]

That was the discussion last year.  After much acrimony, it resulted
in a compromise - a settlement agreement between us and ftpmaster.
(Links in my thread starter mail.)

As with any such compromise, each side gave something up:

 * We agreed to do a substantial amount of additional technical
   work, to support additional checks that ftpmaster wanted.  The
   thing we agreed to provide is supposed to drop neatly into their
   systems with minimal changes.

 * They agreed that tag2upload can happen at all.

We agreed to this compromise because extra programming, even lots of
programming to build a daft thing, is much preferable to drama.
So we wrote the daft thing, to spec, with tests, etc.

But they still don't *want* tag2upload.  tag2upload happening at all
was a compromise they agreed to to avoid being overruled in a GR.

What they are doing now is a rearguard action: they are simply failing
to do their bit, so now we are blocked again.

ftpmaster could end this dispute right away, simply by doing what they
promised.  If what they say they want is too complicated, and would
take too much time (remember, they've had 8 months already), they
could, for now, install the key as equivalent to a DD key (as we
propose that our emergency Task Delegates would do).  That would be
very simple.  Then they could do their more complicated checking, that
they say they want, on their own schedule.

Ian.

[0]
  https://lists.debian.org/debian-vote/2024/06/msg00000.html

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.  

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.

Reply to:

References:
- Call for volunteers and GR draft: tag2upload key installation
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: Call for volunteers and GR draft: tag2upload key installation
  - From: Jonathan Carter <jcc@debian.org>

Prev by Date: Re: Call for volunteers and GR draft: tag2upload key installation
Next by Date: Re: Call for volunteers and GR draft: tag2upload key installation
Previous by thread: Re: Call for volunteers and GR draft: tag2upload key installation
Next by thread: Re: Call for volunteers and GR draft: tag2upload key installation
Index(es):
- Date
- Thread