Holger Levsen writes ("Re: Eternally paradigmatic Debian discussions..."):
> I oppose to vote to implement a design proposal.It's not just a design proposal. The vast majority is already implemented. > I also oppose to force certain work on volunteers. No work is being forced on volunteers. We can deploy tag2upload without ftpmaster having to lift a finger, if necessary. The result isn't as good as a setup which has some minimal cooperation from ftpmaster, but it's workable. For example, if ftpmaster really want to do absolutely nothing, the following approach can deploy tag2upload without them having to lift a finger: * We generate tag2upload's signing key in the HSM on the server. * I sign that subkey with my own personal key. This approach is of course technically possible right now. The reason it's not appropriate is that it would be an end run around an ftpmaster decision. What's needed is political legitimacy. If this GR passes, and ftpmaster don't feel like doing any work in this area, something like the above would be an entirely appropriate approach, at least until a better solution is implemneted. It's not as good as the version where dak redoes the authorisation check, but it's good enough. Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
