Hello, On Thu 13 Jun 2024 at 08:23am +02, Thomas Goirand wrote:
> One thing I really dislike, is having a single gpg key to upoload them all. I > very much preferred the design that Didier explained during Debconf Kosovo, > where the .changes signature is uploaded together with the tagged commit. > > Your thoughts? > > Cheers, > > Thomas Goirand (zigo) > > P.S: The thread is huge, I have no time to read it all, sorry if someone else > also raised the same concern. I'm not sure about the characterisation that it's one key to upload them all. tag2upload will be an official service, no less so than ftp-master -- you could as well say that the current archive signing key is one key to release them all. This message from Ian argues against adding things like .changes files: <https://lists.debian.org/debian-vote/2024/06/msg00031.html>. Please excuse me if this does not address exactly Didier's design, with which I am not familiar. -- Sean Whitton
