On Thu, 2020-12-17 at 13:28 -0500, Mike Gilbert wrote:
> On Wed, Dec 16, 2020 at 11:48 PM desultory <desult...@gentoo.org> wrote:
> > 
> > On 12/16/20 03:01, Michał Górny wrote:
> > > On Tue, 2020-12-15 at 23:37 -0500, Aaron W. Swenson wrote:
> > > > On 2020-12-15 11:16, Michael Orlitzky wrote:
> > > > > On 12/15/20 11:11 AM, Thomas Deutschmann wrote:
> > > > > > 
> > > > > > What do you mean exactly?
> > > > > > 
> > > > > > For Gentoo tooling, only Gentoo keyservers are important and
> > > > > > Gentoo no longer synchronizes with any other pool.
> > > > > > 
> > > > > "The Gentoo developer tooling explicitly checks the Gentoo keyserver
> > > > > pool with a much higher frequency" strongly implies that we check the
> > > > > non-Gentoo pools with a non-zero frequency.
> > > > > 
> > > > > 
> > > > 
> > > > I'm with Michael on this. I've recently experienced this issue myself
> > > > as the instruction to upload the key to the Gentoo keyserver is separate
> > > > from the GLEP63[1] document. It doesn't matter that the step is
> > > > documented if the Holy Tome GLEP63 doesn't mention it. What hint would I
> > > > have to look for a supplemental document to provide that specific step?
> > > > 
> > > > According to GLEP 63, uploading to the SKS keyserver is a requirement.
> > > > However, it fails to specify which SKS keyserver. In fact, neither "SKS"
> > > > nor "keyserver" are defined in GLEP63. Ergo, the natural interpretation
> > > > is *anything* that's called an SKS keyserver will satisfy the
> > > > requirement. As long as the developer can submit the key, the
> > > > requirement is met.
> > > > 
> > > > Additionally, the supplemental document[2] doesn't say developers must
> > > > upload via an internal host, but that devs should upload to both SKS and
> > > > the Gentoo keyserver. Yes, it says the Gentoo keyserver is currently
> > > > restricted to syncing with "authorized Gentoo hosts", but that's a
> > > > nonsense phrase and unhelpful. It assumes I know what the authorized
> > > > Gentoo hosts are. It doesn't clearly state what they are. It kind of
> > > > hints that it will pull from SKS eventually, but it could take a long
> > > > time.
> > > > 
> > > > I understand we temporarily stopped syncing with the public keyserver
> > > > out of an overabundance of caution. However, that shouldn't have been
> > > > done without updating every official Gentoo resource regarding how devs
> > > > should handle their keys, which as far as I know is only two
> > > > documents[1,2]. A whopping 2 documents.
> > > > 
> > > > This new (I know it's been around for a year but that doesn't make it
> > > > any less new), stricter requirement, should be **explicitly** stated in
> > > > GLEP63, properly referencing the justification[3], and linking to the
> > > > infra supplemental document. The infra supplemental document needs to
> > > > then use the phrase "must" in place of "should" when informing readers
> > > > to upload to two different locations.
> > > 
> > > ...and what have you done to resolve the problem, except for making
> > > oververbose complaints and demands in the middle of some random thread?
> > > 
> > Discuss it, which is more than you have done here. There is no need to
> > berate signal because you feel like making noise.
> > 
> > Formulating and discussing ways to fix problems before actually fixing
> > them helps to reduce effort wasted on rebuilding old solutions which
> > have failed for whatever reason. In this case documentation needs to be
> > updated, discussing the appropriate manner in which to update which
> > documentation seems to be more grounds for engagement than
> > recrimination.
> > 
> > On the subject of updating the documentation, the proposal seems
> > generally sound; do you have any constructive criticism of it?
> > 
> 
> So I can understand where Michał's reaction comes from. On my first
> read through Aaron's message, it seemed like a long email complaining
> about things that had been done wrong. Upon re-reading it with a
> different mindset, it doesn't seem so bad if you skip over some of the
> text.

To me, it sounded like 'I am so important that I can't be bothered to
report it properly, so I just write a long complaint right here
and expect someone to resolve it'.


-- 
Best regards,
Michał Górny


