Place for DDs and DMs to request syncs
Robert Collins
robert at ubuntu.com
Sun Aug 15 20:47:13 BST 2010
On Mon, Aug 16, 2010 at 7:14 AM, Steve Langasek
<steve.langasek at ubuntu.com> wrote:
> I would go farther than that to say that any Debian developer who turned
> his/her private key over to Launchpad had betrayed the trust of the Debian
> project by doing so and should have their upload privileges revoked. Debian
> places its trust in individual developers; a developer allowing Launchpad to
> upload packages on their behalf is bypassing that trust model.
Yup. We could however provide a signed-by-LP package with binaries for
them to download, confirm via whatever method is appropriate that what
LP showed as the patch is the patch in the source, rebuild if needed,
and then debsign and dput.
> (And then there's the issue that Debian requires binaries to be included
> with source uploads, and Launchpad has no Debian chroots...)
That issue is technically easy to fix :) I think the signing and
trust-in-the-change issues are rather larger.
If Debian starts throwing away the binary component of the upload,
that would be a big step forward.
-Rob
More information about the ubuntu-devel
mailing list