Hi.

I just wanted to say thank you to all the people who have contributed to the fact that apt now verifies packages with Sequoia (sqv) by default.

I know I will have missed some people, hence the CC to -devel and to the Debian Rust team. And thanks of course are also due to all the upstream contributors to Sequoia and its dependencies.

This change (and Sequoia adoption more generally) will be an improvement for many of Debian's users, and also enable other necessary changes.

But I have a more personal reason for being pleased right now:

This change has sped up the dgit test suite, running locally on my laptop, from taking around 9-10 mins, to taking 5-6. So this single change has sped up my tests by a factor of nearly 2. When doing serious development[1] I like to run the test suite on every commit, so this is a massive boon.

For those who want to know where such a terrific speedup came from:

The dgit test suite does a *lot* of simulated uploads, mostly with little pet apt archives. So it runs apt a lot. And, the test suite has multiple horrific workarounds for gnupg2's terrible startup races, including a nightmarish contraption that completely serialises all invocations of gnupg across all the different tests; empirically that reduced the failure probability of the whole test suite from "at least one test always fails" to "it might fail once or twice on a long branch". So not running gnupg means less serialisation and less overhead. I also expect it to be more reliable :-).

In Debian the benefits of improvements are often diffuse, and felt by users a long way from the developers. For a user it's hard to know who to thank. And of course change comes with bugs and sometimes with controversy, which are less nice things to land on the maintainers' and contributors' plates.

So I felt that when one specific change had made such a dramatic positive impact on me, I wanted to say thanks.

I look forward to more and more adoption of gnupg alternatives in Debian.

And thanks to everyone who helps make Debian be the capable but boring operating system that just works, giving our users across the world a system that serves *their* interests, and helps them get shit done.

Best wishes and a belated happy new year.

Ian.

[1] Currently, I'm doing final pre-merge tests on this 73-commit MR which implements most of the remaining architectural changes requested in Russ's security review of tag2upload:
https://salsa.debian.org/dgit-team/dgit/-/merge_requests/86
I now expect these tests to complete many hours sooner.

-- 
Ian Jackson <ijack...@chiark.greenend.org.uk>
These opinions are my own.

Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.