Groups | Search | Server Info | Login | Register

Re: Summary of the current state of the tag2upload discussion

From	Bart Martens <bartm@debian.org>
Newsgroups	linux.debian.vote
Subject	Re: Summary of the current state of the tag2upload discussion
Date	2024-06-25 20:50 +0200
Message-ID	<ITjoR-5yhe-3@gated-at.bofh.it> (permalink)
References	(4 earlier) <ISTb3-5fa1-1@gated-at.bofh.it> <ISTXr-5fL4-9@gated-at.bofh.it> <ISVmx-5gVG-7@gated-at.bofh.it> <ISZq9-5k0j-9@gated-at.bofh.it> <IT8ts-5pWo-5@gated-at.bofh.it>
Organization	linux.* mail to news gateway

Show all headers | View raw

On Tue, Jun 25, 2024 at 08:55:56AM +0200, Matthias Urlichs wrote:
> On 24.06.24 23:20, thomas@goirand.fr wrote:
> > I see it as signing the very thing that is pushed to the Debian archive.
> > You aren't uploading a bunch of git SHA to the archive but a source
> > package. It feels very normal that therefor, that is the thing that we
> > would like you to sign. Too bad this is less convenient for your
> > workflow, but that is the correct semantic.
> 
> Well, yes. Right now this is the case, and t2u adds an additional step to
> that equation which historically we didn't have.
> 
> However …
> 
> (a) the thing I'm signing isn't the thing I worked on. I didn't look at it
> and, given a git-centric work flow, nobody else will either. It feels very
> unnormal to me that I'm signing some artifact that I didn't even look at.
> Heck it felt unnormal to me 20 years ago when I joined and built my first
> packages.

The unit of signing should remain close of the unit of distribution. It makes
the signer aware of what exactly they are responsible for. I mean, that is in
the current workflow, with the signer being the DD doing the last human
verification.

> 
> (b) we might decide, sometime in the future, that sources.dgit.d.o is to be
> treated as part of "the Debian archive" and that our builders shall pull
> from there instead of unpacking a tarball if the maintainer used t2u, thus
> effectively removing your objection.

In my view git will be replaced by the next vcs while Debian will still be
distributing source packages to be finally signed by some human. Sure, git is
useful today and it's worth giving it a prominent place in the workflows of
today. I just think that the source code package that gets distributed should
remain independent of any product like a vcs that happens to be hot today.

> 
> -- 
> -- mit freundlichen Grüßen
> -- 
> -- Matthias Urlichs
> 

--

Back to linux.debian.vote | Previous | Next — Previous in thread | Next in thread | Find similar

Thread

Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-22 00:30 +0200
  Re: Summary of the current state of the tag2upload discussion Soren Stoutner <soren@debian.org> - 2024-06-22 07:40 +0200
    Re: Summary of the current state of the tag2upload discussion Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-22 15:50 +0200
  Re: Summary of the current state of the tag2upload discussion Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-22 15:40 +0200
  Re: Summary of the current state of the tag2upload discussion Micha Lenk <micha@debian.org> - 2024-06-22 22:20 +0200
    Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-23 04:50 +0200
      Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-23 10:40 +0200
        Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-23 16:50 +0200
          Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-23 17:30 +0200
            Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-23 17:50 +0200
              Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-23 18:20 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-23 20:00 +0200
                Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-23 20:50 +0200
                Re: Summary of the current state of the tag2upload discussion Mathias Behrle <mbehrle@debian.org> - 2024-06-23 20:50 +0200
                Re: Summary of the current state of the tag2upload discussion Marco d'Itri <md@Linux.IT> - 2024-06-24 03:30 +0200
                Re: Summary of the current state of the tag2upload discussion Simon Richter <sjr@debian.org> - 2024-06-24 10:20 +0200
                Re: Summary of the current state of the tag2upload discussion Aigars Mahinovs <aigarius@gmail.com> - 2024-06-24 16:50 +0200
                Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-24 17:40 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-24 19:10 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-25 09:10 +0200
                Re: Summary of the current state of the tag2upload discussion Simon McVittie <smcv@debian.org> - 2024-06-25 12:10 +0200
                Re: Summary of the current state of the tag2upload discussion Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-25 12:20 +0200
                Re: Summary of the current state of the tag2upload discussion Bart Martens <bartm@debian.org> - 2024-06-25 20:50 +0200
                Re: Summary of the current state of the tag2upload discussion Aigars Mahinovs <aigarius@gmail.com> - 2024-06-24 20:40 +0200
                Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-24 21:10 +0200
                Re: Summary of the current state of the tag2upload discussion Aigars Mahinovs <aigarius@gmail.com> - 2024-06-24 21:50 +0200
                Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-24 22:10 +0200
                Re: Summary of the current state of the tag2upload discussion Aigars Mahinovs <aigarius@gmail.com> - 2024-06-24 23:40 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-25 12:10 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-25 18:00 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-25 19:20 +0200
                Re: Summary of the current state of the tag2upload discussion Didier 'OdyX' Raboud <odyx@debian.org> - 2024-06-26 11:20 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-25 19:40 +0200
                Re: Summary of the current state of the tag2upload discussion Bdale Garbee <bdale@gag.com> - 2024-06-25 20:10 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-25 20:20 +0200
                Re: Summary of the current state of the tag2upload discussion Aigars Mahinovs <aigarius@gmail.com> - 2024-06-25 20:50 +0200
                Re: Summary of the current state of the tag2upload discussion Philip Hands <phil@hands.com> - 2024-06-25 22:20 +0200
                Re: Summary of the current state of the tag2upload discussion Didier 'OdyX' Raboud <odyx@debian.org> - 2024-06-26 11:20 +0200
                Re: Summary of the current state of the tag2upload discussion Simon Richter <sjr@debian.org> - 2024-06-26 06:30 +0200
                Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-26 07:30 +0200
                Re: Summary of the current state of the tag2upload discussion Philip Hands <phil@hands.com> - 2024-06-25 11:10 +0200
                Re: Summary of the current state of the tag2upload discussion Scott Kitterman <debian@kitterman.com> - 2024-06-25 14:30 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-24 18:20 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-25 02:20 +0200
                Re: Summary of the current state of the tag2upload discussion Brian May <bam@debian.org> - 2024-06-25 03:00 +0200
                Re: Summary of the current state of the tag2upload discussion Simon Richter <sjr@debian.org> - 2024-06-25 06:30 +0200
                Re: Summary of the current state of the tag2upload discussion [and 1 more messages] Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-25 12:10 +0200
                Re: Summary of the current state of the tag2upload discussion [and  1 more messages] Ansgar 🙀 <ansgar@43-1.org> - 2024-06-30 20:50 +0200
                Re: Summary of the current state of the tag2upload discussion [and 1  more messages] Aigars Mahinovs <aigarius@debian.org> - 2024-06-30 22:00 +0200
                Re: Summary of the current state of the tag2upload discussion [and 1  more messages] Simon Richter <sjr@debian.org> - 2024-07-01 06:20 +0200
                Re: Summary of the current state of the tag2upload discussion [and 1  more messages] Andrey Rakhmatullin <wrar@debian.org> - 2024-07-01 08:00 +0200
                Re: Summary of the current state of the tag2upload discussion [and  1 more messages] Ansgar 🙀 <ansgar@43-1.org> - 2024-07-01 08:10 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-25 08:10 +0200
                Re: Summary of the current state of the tag2upload discussion Salvo Tomaselli <tiposchi@tiscali.it> - 2024-06-25 23:20 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-26 11:10 +0200
                Re: Summary of the current state of the tag2upload discussion Salvo Tomaselli <tiposchi@tiscali.it> - 2024-06-28 07:40 +0200
                Re: Summary of the current state of the tag2upload discussion Guillem Jover <guillem@debian.org> - 2024-06-26 04:40 +0200
                Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-25 09:10 +0200
                Re: Summary of the current state of the tag2upload discussion Sam Hartman <hartmans@debian.org> - 2024-06-26 14:20 +0200
                Re: Summary of the current state of the tag2upload discussion Jun MO <royclark086@gmail.com> - 2024-06-25 20:10 +0200
                Re: Summary of the current state of the tag2upload discussion Andrey Rakhmatullin <wrar@debian.org> - 2024-06-25 20:10 +0200
                Re: Summary of the current state of the tag2upload discussion Russ Allbery <rra@debian.org> - 2024-06-25 21:10 +0200
                Re: Summary of the current state of the tag2upload discussion Soren Stoutner <soren@debian.org> - 2024-06-28 04:50 +0200
                Re: Summary of the current state of the tag2upload discussion Sam Hartman <hartmans@debian.org> - 2024-06-26 05:00 +0200
    Re: Summary of the current state of the tag2upload discussion Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-23 20:40 +0200
      Re: Summary of the current state of the tag2upload discussion Micha Lenk <micha@debian.org> - 2024-06-23 21:20 +0200
        Re: Summary of the current state of the tag2upload discussion Ian Jackson <ijackson@chiark.greenend.org.uk> - 2024-06-24 11:40 +0200
        Re: Summary of the current state of the tag2upload discussion Matthias Urlichs <matthias@urlichs.de> - 2024-06-24 14:40 +0200

csiph-web