Hello,

On Wed 12 Jun 2024 at 09:44am +08, Sean Whitton wrote:

> The short answer is that the input to dak is a source package, not a git
> tag. And it's the latter that is signed by the maintainer, under
> tag2upload.
>
> A longer answer is that for dak to do that, it would need to reimplement
> all of tag2upload. As you will see from the design docs, we have
> carefully sandboxed the various stages of tag2upload's processing, for
> security isolation. It wouldn't make sense to implement all that again
> on dak. And indeed, the git-to-source-package processing should not
> happen on the same host where we have the master archive signing keys.

Let me withdraw this answer. I agree with Russ that what some ftpmasters
really meant with this objection was never clear, and that it's better
not to try to speak for them.

-- 
Sean Whitton