On June 14, 2024 10:01:38 AM UTC, Sean Whitton <spwhit...@spwhitton.name> wrote:
>Hello zigo,
>
>On Fri 14 Jun 2024 at 11:39am +02, Thomas Goirand wrote:
>
>> Please read his lightning talk "debconf22-94-lightning-talks.webm". Here's
>> the
>> first to talk in the video:
>>
>> https://meetings-archive.debian.net/pub/debian-meetings/2022/DebConf22/
>>
>> What I found super nice with his design is that:
>> * there's no need to modify anything on the Debian infrastructure
>> * there's no need for a GR or a change of any Debian current policy.
>
>The work has already been done to prepare the additional infrastructure
>(note that there is no need to *modify* any existing infrastructure),
>and to prepare this GR.
>We are enthusiastic to complete the remaining work. The mere fact that
>change is required shouldn't hold us back from going for what we think
>is the best solution, if there are people willing to implement it.
>
>> * packages continue to be signed with your own DD key
>>
>> Why can't we move to this route, with standardized tooling?
>
>Well, to put it simply, because it's better to do things using only
>signed git tags than to do something highly Debian-specific.
>It is better if new contributors don't have to learn about source
>packages and dput at all. It is also much more convenient for existing
>contributors. Take a look at how git-debpush works -- it's really very
>simple and lightweight. I think you'll like it.
>
I'm a bit confused by the claim that no infrastructure changes are needed for
this to go forward.
If I have been following the proposal correctly, source packages will be signed
by tag2upload and not the uploader. Doesn't that mean changes are going to be
needed so that we know in the archive who uploaded the package?
Scott K
