Scott Kitterman writes ("Re: [RFC] General Resolution to deploy tag2upload"):
> On June 13, 2024 3:02:48 PM UTC, Joerg Jaspert <jo...@debian.org> wrote:
> >I think this is a minor issue, actually. It does not happen often. For
> >the time it will, we can have something like "ftpmaster pushes a list of
> >fingerprints via $mechanism" (ssh forced command is widely used for
> >similar things, for example).
> >
> >That's really simple to implement.
>
> I agree that this isn't a major design issue, but I think it is something
> that I think needs to be addressed before deployment of tag2upload. The need
> is certainly rare, but when it's needed, it's needed because it's important.
I agree. Also, I don't want to be developing a new shutoff mechanism
during an emergency. Instead, I have filed #1073157.
I think this should be addressed regardless of t2u, since it affects
current dgit use too.
Russ's suggested resolution is reasonble too, but I don't think it's
sufficient because I want to prevent bad stuff appearing on
*.dgit.do.o, not just in archive.d.o. Either or both of these
approaches would work.
> It also suggests to me that it's premature to freeze and mandate the current
> design via GR.
This is a minor detail, easily sorted out.
I don't think passing this GR forbids us from updating the design to
address points like this. I think it *does* forbid us from updating
the design in ways that Russ and Noodles disapprove of. But that's
surely right and proper.
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
