On Tuesday, June 18, 2024 8:57:28 AM MST Aigars Mahinovs wrote:
> On Tue, 18 Jun 2024 at 17:44, Soren Stoutner <so...@debian.org> wrote:
> > From a security perspective, it makes sense to me that the DD should create a
> > .dsc and .changes and sign them, and then tag2upload should create them as
> > well and verify they match exactly.
>
> They will not. Translation from a git tree to a Debian source package
> with dsc and changes is not a trivial operation.
If we can’t do this reproducibly and verifiably, then I don’t think we should do tag2upload at all. But my guess is it can be done.

I know that one of the goals of those proposing the GR is to not have a fat client on the DD machine to generate the .dsc and .changes. But I think the security of the tag2upload proposal would be improved if they dropped that as one of their goals. To me that is the Gripping Hand (meaning, the most important factor that trumps all the other factors).

-- 
Soren Stoutner
so...@debian.org
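As an added illustration of the check being argued over (not code from the thread, from tag2upload or from dpkg), the following compares the Checksums-Sha256 manifest of a .dsc signed on the DD's machine against one a service regenerated from the git tag; both .dsc texts and their digests are constructed placeholders.

```python
"""Compare the file manifests of two Debian .dsc files.

Added example for the thread above, not code from tag2upload or dpkg. It
shows what "verify they match exactly" means in practice: skip the OpenPGP
clear-sign armour, read Checksums-Sha256, and report every differing file.
"""

# Constructed sample: the .dsc signed on the DD's machine. Digests are
# placeholders, not hashes of real tarballs.
DD_DSC = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: example
Checksums-Sha256:
 aaaa1111 1024 example_1.0.orig.tar.xz
 bbbb2222 512 example_1.0-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
(signature omitted)
-----END PGP SIGNATURE-----
"""

# Constructed sample: the .dsc a service regenerated from the git tag. The
# rebuilt debian.tar.xz differs, as a non-reproducible export would.
SERVICE_DSC = """\
Format: 3.0 (quilt)
Source: example
Checksums-Sha256:
 aaaa1111 1024 example_1.0.orig.tar.xz
 cccc3333 517 example_1.0-1.debian.tar.xz
"""

def parse_checksums(dsc_text):
    """Return {filename: (sha256, size)}; armour/fields lack the leading space."""
    entries, in_stanza = {}, False
    for line in dsc_text.splitlines():
        if in_stanza and line.startswith(" "):
            digest, size, name = line.split()
            entries[name] = (digest, int(size))
        else:
            in_stanza = line.startswith("Checksums-Sha256:")
    return entries

def diff_manifests(dd_dsc, service_dsc):
    """Return {filename: (dd_entry, service_entry)} for each mismatch; {} if exact."""
    a, b = parse_checksums(dd_dsc), parse_checksums(service_dsc)
    return {n: (a.get(n), b.get(n))
            for n in a.keys() | b.keys() if a.get(n) != b.get(n)}
```

A non-empty result from diff_manifests is exactly the case Aigars describes: the git-to-source-package translation produced a different tarball, so a byte-exact match cannot be demanded unless that export is made reproducible.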