It seems Sean's GR (pre-)proposal perfectly fits the bill for most
paradigmatic Debian discussions. From (half-)following the discussion,
(must confess I have >80 pending messages I haven't read, so there
might be some reality check I haven't yet applied), I can say that:

1. Nobody really opposes what is being proposed.

(which makes sense, as tag2upload is barely controversial: What is
being requested is for the project to ask ftp-masters to trust an
automatically-signing key as a valid originator for source
packages. Of course, this key is to be controlled by an auditable
source base, controlled 100% by members of our project)

(Important mentioning: Nobody is to be forced to use
tag2upload... at least not for the forseeable future)

2. Many people interpret that _others_ oppose this proposal because it
opens the door for endangering different workflows or pieces of
infrastructure.

(But everybody so far says "I'm not saying I want to kill $thing!"
or "It is not me who opposes the idea!")

3. While a listmaster has already called for civility, at least once,
this thread "beautifully" shows how we are capable of treating each
other without much civility, but "decorating" our speech in a way
not to make it obvious we belittle and attack others.

And I think (no evidence!) most of the bad interactions in this
thread come from prior frictions. There is a lot of
finger-pointing, but all people pointed at answer by claiming to be
innocent of the nefarious accusations...

4. I understand Sean (and Ian, I pressume) are pushing this GR to
solve a stalemate while negotiating with ftp-masters regarding
implementation details, or something like that. In such case, I
would have expected an ftp-master to explain what is so difficult
in accepting the new proposed tool/workflow.

In other words: Is there and underlying controversy? Or is it just
we enjoy poking each other?

In any case... I understand you want to give some "discussion time"
before pushing the process. But, is there something in particular
you are waiting from this discussion?

This is one of the mails that actually point nowhere, and I fear are
not as constructive... I sat a bit with it half-written, pondering
whether to send it or to delete it. I am deciding to send it because
the interaction patterns we are seeing are quite pathological. I'm
sending this mail as a call, not only not to tell the other party to
fsck off some filesystems, but to stop finger-pointing and
second-guessing.

- Gunnar.

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQRNFAUGU6QC1zaHBJ0kBMlUbhRTYAUCZm0qHQAKCRAkBMlUbhRT YDbFAP9B+8KClR17mbOPcaJ9ujT8zmNC0drMjljb6Yk5+F/oagD/W0XEUNWTfjuq epyC8XRE2fDqPVrGp9N7RnJPFvQ/UAw=
=UKLe
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

In data sabato 15 giugno 2024 07:44:04 CEST, Gunnar Wolf ha scritto:

It seems Sean's GR (pre-)proposal perfectly fits the bill for most paradigmatic Debian discussions. From (half-)following the discussion,
(must confess I have >80 pending messages I haven't read, so there
might be some reality check I haven't yet applied), I can say that:

1. Nobody really opposes what is being proposed.

I'm against it. I just saw no point in taking part in the conversation. If we will actually vote on this I'll vote accordingly.

I suspect at the very least the members of the ftpmaster team would vote in
the same way, although I do wonder if they're even aware of what's going on on this list.

Best


--
Salvo Tomaselli

"Io non mi sento obbligato a credere che lo stesso Dio che ci ha dotato di senso, ragione ed intelletto intendesse che noi ne facessimo a meno."
-- Galileo Galilei

https://ltworf.codeberg.page/

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Quoting Gunnar Wolf (2024-06-15 07:44:04)

It seems Sean's GR (pre-)proposal perfectly fits the bill for most paradigmatic Debian discussions. From (half-)following the discussion,
(must confess I have >80 pending messages I haven't read, so there
might be some reality check I haven't yet applied), I can say that:

1. Nobody really opposes what is being proposed.

(which makes sense, as tag2upload is barely controversial: What is
being requested is for the project to ask ftp-masters to trust an
automatically-signing key as a valid originator for source
packages. Of course, this key is to be controlled by an auditable
source base, controlled 100% by members of our project)

(Important mentioning: Nobody is to be forced to use
tag2upload... at least not for the forseeable future)

2. Many people interpret that _others_ oppose this proposal because it
opens the door for endangering different workflows or pieces of
infrastructure.

(But everybody so far says "I'm not saying I want to kill $thing!"
or "It is not me who opposes the idea!")

3. While a listmaster has already called for civility, at least once,
this thread "beautifully" shows how we are capable of treating each
other without much civility, but "decorating" our speech in a way
not to make it obvious we belittle and attack others.

And I think (no evidence!) most of the bad interactions in this
thread come from prior frictions. There is a lot of
finger-pointing, but all people pointed at answer by claiming to be
innocent of the nefarious accusations...

4. I understand Sean (and Ian, I pressume) are pushing this GR to
solve a stalemate while negotiating with ftp-masters regarding
implementation details, or something like that. In such case, I
would have expected an ftp-master to explain what is so difficult
in accepting the new proposed tool/workflow.

In other words: Is there and underlying controversy? Or is it just
we enjoy poking each other?

In any case... I understand you want to give some "discussion time"
before pushing the process. But, is there something in particular
you are waiting from this discussion?

This is one of the mails that actually point nowhere, and I fear are
not as constructive... I sat a bit with it half-written, pondering
whether to send it or to delete it. I am deciding to send it because
the interaction patterns we are seeing are quite pathological. I'm
sending this mail as a call, not only not to tell the other party to
fsck off some filesystems, but to stop finger-pointing and
second-guessing.

I find your post very helpful, and appreciate your posting it.

For example, I recognize my own finger being too pointy - i.e. that I
clearly was not clearly on topic, but derailed the conversation somewhat, through my personal, too stubborn views.

Thanks a lot for your sprinkling the atmosphere of this mailinglist
"room" with a bit of caring-mindset-fairydust.

- Jonas

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones

[x] quote me freely [ ] ask before reusing [ ] keep private --==============F55965378576293549=MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Description: signature
Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEn+Ppw2aRpp/1PMaELHwxRsGgASEFAmZtSNwACgkQLHwxRsGg ASHwCQ//d7gZKXdPTmJVladf9O/ewDhFFB1KbeeGD+LfeSax3nCIdNbMsoy6fwPq 3e2m3WwglXQnjbvWF2gx1k8eZeM1PwmbZFzEoqfgFlWdqYvnTw7N3YpFqVIRNLaL IhOyd50tZCXszfgPJ6UFXr2tkfmYiJgnynJFpdH3NV3tGQFLmdvFtvBhoZ2gckfi AX5nbiF1myyxgbJ4OA+DLpeVYPdccbadiU9CiaHXnn8X4gIetiwQFWWVwAjVCaVr lhiqxmGQRy4aMUXFzRR5yM3DnSsinfE3ESY5tO3ZturARNS7V376HeYvab/FVThh HkU11MLuqpHNvBavaa3DmsP7tdCOrhotc68Axz1Zjb7qHwPGB3lD/Wr6FxvSFI1x RMmjVm6fW7DXL9HWnkdnUyT0z46pzFlO2od/h5Ob20gny87rS8XLna7+WiAJcYdH 7Hnm70BpFD2jLQdgN4JZ4GfM3mJhVhZQONbjMfzg

On Fri, Jun 14, 2024 at 11:44:04PM -0600, Gunnar Wolf wrote:

1. Nobody really opposes what is being proposed.

I oppose to vote to implement a design proposal. I also oppose to force
certain work on volunteers. This is very similar to voting to publish
-private.

I didnt have time to even read this (other) thread since two days, yet
alone reply.

I also find it amazing that you wrote a summary of the thread while
stating upfront that you havent really read it. :/


--
cheers,
Holger

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄

If you want to forget all about Covid...just keep getting it.

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAmZtW+gACgkQCRq4Vgaa qhyJHw/+I6fjAOrJsJar/UrP592RUPRrhI2s/JywDu4htIPs3F1GNcElqwRSqWLX hbQ8yJjl/QB9+EAAHw/B0ki7XO3nkJzTHwbxjlfK+XJa39YmHxbCBAPMJe05F4UX t4/v2ki5nnmQn230z1tkSiveEKq7+We8sBmalIDZVSsXNdaqw0vFrUJNBALv6cK0 2erkUuewX3BZU8kmPYxWLkWxBM3hWF7xISl/J4voHMqLA/Xfzk2o84eJrNeXC8Vs E953r1afmdoWkDbX3TAJAItagZvMI64sEoUcU9vBiT8JDSuufUg9DjLc14aw7GnG vqnp+Bw1jFL6k5o5Yer4vWCjWgVkQa7g0VMA6DEYKnUozzEshSsAguZoemSck/OW H5GIVeRoiPpBwbIqzyqJX4nKe4Dmp6xPEdAgB6f9ydEUaAmLINSPDF4xTWiW81xf E4zD3Odubj6JecQp4flVkHG7DlDdwzxOjXINTPNhCYs9g97IFs9ZQEKdGNsVPWIk 93cbL0mQu9r8OKY72QEqrc3LOR07dDf7sCp3H2G2IIwbKIDd5wWfZ7iCsY+cDpDQ HdhlvbazgRq6U8KUlfCUpqLe26X4Gyri0SBOFB80XYXqzgXcpu8

On 17261 March 1977, Gunnar Wolf wrote:

1. Nobody really opposes what is being proposed.

The opposition is against technical details and the refusal to adjust.
Not against the actual thing.

4. I understand Sean (and Ian, I pressume) are pushing this GR to
solve a stalemate while negotiating with ftp-masters regarding
implementation details, or something like that. In such case, I
would have expected an ftp-master to explain what is so difficult
in accepting the new proposed tool/workflow.

I just tried to, in another mail in a new subthread. Including that the
GR proposal took me by surprise, as the last discussion *I* can find is
long ago.

In other words: Is there and underlying controversy? Or is it just
we enjoy poking each other?

Nah, we just don't enjoy getting our points ignored when asked and then
years later a hammer to overwrite.

This is one of the mails that actually point nowhere, and I fear are
not as constructive... I sat a bit with it half-written, pondering
whether to send it or to delete it. I am deciding to send it because
the interaction patterns we are seeing are quite pathological. I'm
sending this mail as a call, not only not to tell the other party to
fsck off some filesystems, but to stop finger-pointing and
second-guessing.

There *IMO* was one subthread going a particular bad way, where, even
after getting pointed out multiple times that the taken conclusion was
*WRONG*, text still went the wrong way, but the rest of it I found quite useful/OK. Many of them mails gave me more insight into t2u and ideas
around it.

--
bye, Joerg

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello,

On Fri 14 Jun 2024 at 11:44pm -06, Gunnar Wolf wrote:

In any case... I understand you want to give some "discussion time"
before pushing the process. But, is there something in particular
you are waiting from this discussion?

Ian and I are going through the thread and working on an FAQ atm.
We are thinking it would be good to finish that before moving the
process forward. We'll probably have it done soon.

--
Sean Whitton

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Gunnar Wolf writes ("Eternally paradigmatic Debian discussions..."):

It seems Sean's GR (pre-)proposal perfectly fits the bill for most paradigmatic Debian discussions. From (half-)following the discussion,
(must confess I have >80 pending messages I haven't read, so there
might be some reality check I haven't yet applied), I can say that:

1. Nobody really opposes what is being proposed.

I'm afraid that is not true.

ftpmaster are insisting on changes which we consider defeat the
purpose of our proposal. See the subthread in which Russ talks about
a "fat client". This is the heart of the disagreement.

ftpmaster are characterising these changes as minor details. They are
not minor details. ftpmaster's proposals demand radically more
complicated software on the uploader's system, than tag2upload.

Ian.

--
Ian Jackson <[email protected]> These opinions are my own.

Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Holger Levsen writes ("Re: Eternally paradigmatic Debian discussions..."):

I oppose to vote to implement a design proposal.

It's not just a design proposal. The vast majority is already
implemented.

I also oppose to force certain work on volunteers.

No work is being forced on volunteers.

We can deploy tag2upload without ftpmaster having to lift a finger, if necessary. The result isn't as good as a setup which has some minimal cooperation from ftpmaster, but it's workable.

For example, if ftpmaster really want to do absolutely nothing, the
following approach can deploy tag2upload without them having to lift a
finger:

* We generate tag2upload's signing key in the HSM on the server.
* I sign that subkey with my own personal key.

This approach is of course technically possible right now. The reason
it's not appropriate is that it would be an end run around an
ftpmaster decision. What's needed is political legitimacy.

If this GR passes, and ftpmaster don't feel like doing any work in
this area, something like the above would be an entirely appropriate
approach, at least until a better solution is implemneted. It's not
as good as the version where dak redoes the authorisation check, but
it's good enough.

Ian.

--
Ian Jackson <[email protected]> These opinions are my own.

Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)