Re: [RFC] General Resolution to deploy tag2upload

[Scott Kitterman]

On June 13, 2024 3:29:21 PM UTC, Russ Allbery <r...@debian.org> wrote:
>Scott Kitterman <deb...@kitterman.com> writes:
>
>> I agree that this isn't a major design issue, but I think it is
>> something that I think needs to be addressed before deployment of
>> tag2upload.  The need is certainly rare, but when it's needed, it's
>> needed because it's important.
>
>I don't understand why this would be a blocker given that dak can redo the
>authorization check at the same point that it does authorization checks
>now, should it so desire.  This does require a small change to dak to
>retrieve the key fingerprint from the source package in the case where the
>source package is signed with the tag2upload key, but that doesn't seem
>too difficult.

I think that if the proposers want to direct use of a specific design via GR, 
it ought to be complete.  It's unclear to me how the FTP Masters could ask for 
this after the GR, since the GR takes anything to do with tag2upload out of 
their hands going forward. Post GR, it's not clear to me who gets to decide if 
changes are needed without another GR.

Scott K