On Jun 17, Sven Mueller <s...@incase.de> wrote: > 1) because it is the job of FTPmaster to authenticate and authorize the > uploader (and Joerg sees that as "human uploader", which I somewhat agree > with) If this were the actual issue then the ftpmasters could just run the tag2upload server themselves (which I think would make sense).
> 2) because Joerg wants third parties to be able to verify the signature of > the human uploader without the need for Debian specific tools. Yes, I understand what he wants. But again, it is not obvious why we should share this desire. > There is another aspect he mentioned: he thinks the uploader needs to test > the build of the package. (I'm theory I agree, but there are situations Everybody can upload totally untested packages even without tag2upload: maybe tag2upload would make this marginally easier, but then I do not believe that this is a compelling enough argument to offset the benefits of a tag2upload-like service. -- ciao, Marco
signature.asc
Description: PGP signature
