Hello Sean, I have two comments on your GR; I think you could accept them as amendments and keep the seconds it has already got:
Sean Whitton dijo [Thu, Jun 27, 2024 at 03:15:42PM +0800]:
> =====
> BEGIN FORMAL RESOLUTION TEXT
>
> tag2upload allows DDs and DMs to upload simply by using the
> git-debpush(1) script to push a signed git tag.
>
> 1. tag2upload, in the form designed and implemented by Sean Whitton and
> Ian Jackson, and design reviewed by Jonathan McDowell and Russ
> Allbery, should be deployed to official Debian infrastructure.
I think you should rather write:
1. tag2upload, based in the form designed and implemented by Sean
Whitton and Ian Jackson, (...)
Many points have been raised during the current discussion, and you
have accepted some observations as valid and worth including in the
implementation. But not only that: If something good (design
improvement) or bad (vulnerability nobody thought of before) comes
along in the future, this GR could be seen as tying the hands of the
maintainers to a specific implementation. By changing to "based in" or
"derived from" a specific design idea that you and Ian implemented,
then later Jonathan and Russ studied and commented upon, and then the
bunch of us gave some thought and discussion to, it allows for it to
be modified in the future.
Not only that: It also allows you and ftp-masters to come to specific
compromises _leading to an implemented service_.
> 2. Under Constitution §4.1(3), we overrule the ftpmaster delegate's
> decision: the Debian Archive should be configured to accept and trust
> uploads from the tag2upload service.
>
> 3. Future changes to tag2upload should follow normal Debian processes.
Of course, that paragraph could be included by your #3. But #3 is so
vague that it leads to ambiguity. There is too much ground covered by
it.
> 4. Nothing in this resolution should be taken as requiring maintainers
> to use any particular git or salsa workflows.
This is a good clarification, but IMO it should be seen as a side
note, and not part of the GR itself.
signature.asc
Description: PGP signature
