Micha Lenk writes ("Re: Call for volunteers and GR draft: tag2upload key
installation"):
> Am 7. April 2025 16:17:27 GMT+05:30 schrieb Ian Jackson
> <ijack...@chiark.greenend.org.uk>:
> >But I have my doubts that Debian Developers will find the technical
> >wording of the draft GR digestible.
>
> It still isn't better digestable to me.
Thanks for the reply.
> > 1. tag2upload allows DDs and DMs to upload simply by using the
> > git-debpush(1) script to push a signed git tag.
> >
> > 2. tag2upload has been fully implemented and deployed, and ready
> > for immediate operation, since the 15th of March 2025.
> >
> > 3. However, the Debian FTP Archive does not trust its signing key,
> > so tag2upload cannot be put into service.
>
> In my eyes 2. can only be true if 3. is true. So, what version of
> dak contains the code changes to trust tag2upload's signing key?
The required change (to deploy tag2upload according to our design) is
a configuration change, not a code change.
It is true that our agreement with ftpmaster in July 2024 is
predicated on them making code changes in dak. But they haven't done
that. That's fine. As I say, people not doing things that only they
want isn't a blocker.
> When did it get backported to oldstable for use on
> fasolo.debian.org? I haven't seen it in the oldbackports-new queue
> yet.
Since you ask:
dak is not in the archive. #535986. I'm not sure *precisely* what
code is running on fasolo but it seems very likely to be close to
https://salsa.debian.org/ftp-team/dak#master.
Here is my attempt at the minimal necessary configuration change:
https://salsa.debian.org/iwj/dak/-/commits/t2u-minimal
I think anyone who tries to deploy that is likely to discover that it
doesn't work as intended. That's in the nature of configuration
changes, especially when preapred by an outsider. But it shouldn't be
hard to iterate and get working.
But, since this apparently-missing piece seemed like a blocker, here
it is. I havne't made an MR of it because I don't anticipate it being
well-received.
> I was under the impression a (NMU for a) dak code changes doesn't
> need that. Or, what am I missing?
The only piece that is both necessary and missing is configuration,
not code.
ftpmaster don't want to make that configuration change now. They want
there to be additional checks. That was our 2024 agreement. We've
done our part to support those additional checks, but they haven't
done theirs - and it's been 8 months so far.
So we think that the configuration change should be made now.
They can implement the extra checks at their leisure.
Ian.
--
Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
