
Re: Validating tarballs against git repositories



On 30/03/24 14:08, Jonathan Carter wrote:
> On 2024/03/30 12:43, Sean Whitton wrote:
>> On 2024-03-30 08:02:04, Gioele Barabucci wrote:
>>> Now it is time to take a step forward:
>>>
>>> 1. new upstream release;
>>> 2. the DD/DM merges the upstream release VCS into the Debian VCS;
>>> 3. the buildd is notified of the new release;
>>> 4. the buildd creates and uploads the non-reviewed-in-practice blobs "source
>>> deb" and "binary deb" to unstable.
>>>
>>> This change would have three advantages:
>> I think everyone fully agrees this is a good thing, no need to list the
>> advantages.
>>
>> It is also already fully implemented as tag2upload, and is merely as yet
>> undeployed, for social reasons.
>
> My understanding is that DSA aren't quite comfortable with it, since it would need an archive GPG signing key (or a keypair trusted by DAK)?

Don't the buildds already work in a similar way?

The source deb is signed by the DD, the buildd checks the signature of the source deb, then builds and signs the binary debs.

In the future the tag is signed by the DD, the buildd checks the signature of the tag, then builds and signs the source deb and the binary debs.

--
Gioele Barabucci
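As an added illustration of the two flows compared in this message (it is example code written for this page, not code from the thread, from tag2upload, or from the Debian archive tooling), the following Go program models the signature chain of each. The current flow: the DD signs the source package, the buildd verifies that signature against the uploader keyring, then builds and signs the binaries. The tag2upload flow: the DD signs a git tag, the buildd verifies the tag the same way, then builds and signs both the source package and the binaries. A third function models the archive-side gate that only accepts artifacts signed by a key DAK trusts. ed25519 stands in for OpenPGP, plain maps stand in for the Debian keyring and for DAK's trusted keys, and every key label, payload and package name is constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Artifact is any signed object moving through the pipeline: a git tag, a
// source package or a binary package. Payload is what was signed; Signer is
// the public key claiming to have signed it (ed25519 stands in for OpenPGP).
type Artifact struct {
	Kind    string
	Payload []byte
	Sig     []byte
	Signer  ed25519.PublicKey
}

// Keyring maps a public key to the name it is trusted under. One instance
// models the uploader keyring (DD/DM keys), another the keys DAK accepts.
type Keyring map[string]string

func (k Keyring) Add(pub ed25519.PublicKey, name string) { k[string(pub)] = name }

// Verify requires both a valid signature and a signer present in this
// keyring: a perfectly valid signature from an unknown key is rejected.
func (k Keyring) Verify(a Artifact) (string, error) {
	name, ok := k[string(a.Signer)]
	if !ok {
		return "", fmt.Errorf("%s: signer not in keyring", a.Kind)
	}
	if !ed25519.Verify(a.Signer, a.Payload, a.Sig) {
		return "", fmt.Errorf("%s: signature does not verify", a.Kind)
	}
	return name, nil
}

func pubKey(priv ed25519.PrivateKey) ed25519.PublicKey {
	return priv.Public().(ed25519.PublicKey)
}

func sign(kind string, payload []byte, priv ed25519.PrivateKey) Artifact {
	return Artifact{Kind: kind, Payload: payload, Sig: ed25519.Sign(priv, payload), Signer: pubKey(priv)}
}

// keyFromLabel derives a deterministic key from a constructed label. Demo
// only: real signing keys come from a CSPRNG or a hardware token.
func keyFromLabel(label string) ed25519.PrivateKey {
	seed := sha256.Sum256([]byte(label))
	return ed25519.NewKeyFromSeed(seed[:])
}

// build stands in for the real build step: the output is bound to the exact
// input, so a tampered input cannot yield the same package bytes.
func build(kind string, input []byte) []byte {
	sum := sha256.Sum256(input)
	return []byte(fmt.Sprintf("%s package built from %x", kind, sum[:8]))
}

// CurrentFlow: the DD signs the source package; the buildd verifies that
// signature against the uploader keyring, then builds and signs the binaries.
func CurrentFlow(uploaders Keyring, src Artifact, buildd ed25519.PrivateKey) (Artifact, error) {
	if _, err := uploaders.Verify(src); err != nil {
		return Artifact{}, fmt.Errorf("buildd refuses to build: %w", err)
	}
	return sign("binary", build("binary", src.Payload), buildd), nil
}

// Tag2UploadFlow: the DD signs only the git tag; the buildd verifies the tag
// against the uploader keyring, then builds and signs source and binaries.
func Tag2UploadFlow(uploaders Keyring, tag Artifact, buildd ed25519.PrivateKey) (Artifact, Artifact, error) {
	if _, err := uploaders.Verify(tag); err != nil {
		return Artifact{}, Artifact{}, fmt.Errorf("buildd refuses to build: %w", err)
	}
	src := sign("source", build("source", tag.Payload), buildd)
	bin := sign("binary", build("binary", src.Payload), buildd)
	return src, bin, nil
}

// ArchiveAccepts models the DAK-side gate: every artifact entering the
// archive must be signed by a key DAK trusts.
func ArchiveAccepts(dak Keyring, arts ...Artifact) error {
	for _, a := range arts {
		if _, err := dak.Verify(a); err != nil {
			return fmt.Errorf("archive rejects %w", err)
		}
	}
	return nil
}

func main() {
	dd, buildd := keyFromLabel("dd"), keyFromLabel("buildd")
	uploaders, dak := Keyring{}, Keyring{}
	uploaders.Add(pubKey(dd), "dd")
	dak.Add(pubKey(dd), "dd")
	dak.Add(pubKey(buildd), "buildd")
	tag := sign("tag", []byte("debian/1.0-1 -> 0123abcd (constructed)"), dd)
	src, bin, err := Tag2UploadFlow(uploaders, tag, buildd)
	fmt.Println("build:", err, "archive:", ArchiveAccepts(dak, src, bin))
}
```

The check the buildd performs is the same in both flows: the object is accepted only if its signature verifies and the signing key is in the uploader keyring, so a tampered tag or a tag signed by a key outside the keyring never reaches the build step. What changes with tag2upload is which DD-signed object the buildd verifies (a git tag instead of a .dsc) and therefore which artifacts arrive at DAK under the buildd's key: the source package as well as the binaries. Calling ArchiveAccepts with a DAK keyring that lacks the buildd key makes that extra trust grant visible as a rejection of the buildd-signed source package. In a real deployment the tag check would be an OpenPGP verification such as git verify-tag against the Debian keyring rather than the ed25519 stand-in used here.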
