Sean Whitton dijo [Sat, Apr 05, 2025 at 09:14:03AM +0800]:
Thanks for your reply.Wouldn't the relevant delegates be Ian and I? Our delegation says: Maintaining and managing the tag2upload system design and security policy, including for the tag2upload services's archive signing key. (This key has equivalent permissions for source-only uploads to the Debian archive as does an uploading Debian Developer's upload signing key.)
That would amount to nothing. The only meaningful action we could take (adding t2u's key as if it were a personal DD key) was discarded with good arguments by yourself in another mail. We can create as many keyrings as you want, but without dak modified to be aware of anything they would mean nothing. Again, I'm not giving a team opinion, but just ⅓ of it: I don't think we should take any action until the infrastructural issue of how this will be handled in the archive side is settled. Greetings, – Gunnar.
signature.asc
Description: PGP signature
