Simon Richter <s...@debian.org> writes:

> Hi,
>
> On 6/13/24 22:27, Simon Josefsson wrote:
>
>> Generally I reach the same conclusion, although I think there are real
>> security problems with both the existing and the proposed tag2upload
>> mechanism that we should all be aware of. It is acceptable to realize
>> that we cannot protect against all attacks with reasonable costs.
>
> In that case it is kind of disingenuous to highlight the necessity of
> this change by pointing at the xz-utils scenario.
Agreed. I don't think tag2upload solves anything important from a security point of view. I believe tag2upload will enable new attacks, some attacks that are realistic and will actually occur.

Still I find myself in mild support of tag2upload, since it enables a workflow that some people seem to prefer. IMHO, that's the important aspect. Excluding people's reasonable positions has demotivated Debian contributors historically, and I don't think the project or resulting release artifact is significantly better off as a result. Using Devuan to avoid systemd, or Trisquel to avoid non-free software, is poor human resource utilization.

Git-based workflows seem popular. If there is some method to support it (tag2upload), and there are people willing to baby-sit the implementation (I dunno but assume so), and it doesn't break existing workflows (I dunno), then my opinion is: why not.

But, please, don't hype this as a solution to xz-utils problems. The ftpmaster's conservative response is reasonable, and there are many unanswered questions about tag2upload, and it is easy to shoot it down on those grounds. It would make the case stronger to admit that there are unanswered questions, and would invite collaborative work to improve the design.

/Simon