| 1 |
On Thu, 2020-12-17 at 13:35 -0500, Mike Gilbert wrote: |
| 2 |
> On Wed, Dec 16, 2020 at 3:01 AM Michał Górny <mgorny@g.o> |
| 3 |
> wrote: |
| 4 |
> > |
| 5 |
> > On Tue, 2020-12-15 at 23:37 -0500, Aaron W. Swenson wrote: |
| 6 |
> > > On 2020-12-15 11:16, Michael Orlitzky wrote: |
| 7 |
> > > > On 12/15/20 11:11 AM, Thomas Deutschmann wrote: |
| 8 |
> > > > > |
| 9 |
> > > > > What do you mean exactly? |
| 10 |
> > > > > |
| 11 |
> > > > > For Gentoo tooling, only Gentoo keyservers are important and |
| 12 |
> > > > > Gentoo no longer synchronizes with any other pool. |
| 13 |
> > > > > |
| 14 |
> > > > "The Gentoo developer tooling explicitly checks the Gentoo |
| 15 |
> > > > keyserver |
| 16 |
> > > > pool with a much higher frequency" strongly implies that we |
| 17 |
> > > > check |
| 18 |
> > > > the |
| 19 |
> > > > non-Gentoo pools with a non-zero frequency. |
| 20 |
> > > > |
| 21 |
> > > > |
| 22 |
> > > |
| 23 |
> > > I'm with Michael on this. I've recently experienced this issue |
| 24 |
> > > myself |
| 25 |
> > > as the |
| 26 |
> > > instruction to upload the key to the Gentoo keyserver is separate |
| 27 |
> > > from the |
| 28 |
> > > GLEP63[1] document. It doesn't matter that the step is documented |
| 29 |
> > > if |
| 30 |
> > > the Holy |
| 31 |
> > > Tome GLEP63 doesn't mention it. What hint would I have to look |
| 32 |
> > > for a |
| 33 |
> > > supplemental document to provide that specific step? |
| 34 |
> > > |
| 35 |
> > > According to GLEP 63, uploading to the SKS keyserver is a |
| 36 |
> > > requirement. |
| 37 |
> > > However, it fails to specify which SKS keyserver. In fact, |
| 38 |
> > > neither |
| 39 |
> > > "SKS" nor |
| 40 |
> > > "keyserver" are defined in GLEP63. Ergo, the natural |
| 41 |
> > > interpretation |
| 42 |
> > > is *anything* |
| 43 |
> > > that's called an SKS keyserver will satisfy the requirement. As |
| 44 |
> > > long |
| 45 |
> > > as the |
| 46 |
> > > developer can submit the key, the requirement is met. |
| 47 |
> > > |
| 48 |
> > > Additionally, the supplemental document[2] doesn't say developers |
| 49 |
> > > must upload |
| 50 |
> > > via an internal host, but that devs should upload to both SKS and |
| 51 |
> > > the |
| 52 |
> > > Gentoo |
| 53 |
> > > keyserver. Yes, it says the Gentoo keyserver is currently |
| 54 |
> > > restricted |
| 55 |
> > > to syncing |
| 56 |
> > > with "authorized Gentoo hosts", but that's a nonsense phrase and |
| 57 |
> > > unhelpful. It |
| 58 |
> > > assumes I know what the authorized Gentoo hosts are. It doesn't |
| 59 |
> > > clearly state |
| 60 |
> > > what they are. It kind of hints that it will pull from SKS |
| 61 |
> > > eventually, but it |
| 62 |
> > > could take a long time. |
| 63 |
> > > |
| 64 |
> > > I understand we temporarily stopped syncing with the public |
| 65 |
> > > keyserver |
| 66 |
> > > out of an |
| 67 |
> > > overabundance of caution. However, that shouldn't have been done |
| 68 |
> > > without |
| 69 |
> > > updating every official Gentoo resource regarding how devs should |
| 70 |
> > > handle their |
| 71 |
> > > keys, which as far as I know is only two documents[1,2]. A |
| 72 |
> > > whopping 2 |
| 73 |
> > > documents. |
| 74 |
> > > |
| 75 |
> > > This new (I know it's been around for a year but that doesn't |
| 76 |
> > > make it |
| 77 |
> > > any less |
| 78 |
> > > new), stricter requirement, should be **explicitly** stated in |
| 79 |
> > > GLEP63, properly |
| 80 |
> > > referencing the justification[3], and linking to the infra |
| 81 |
> > > supplemental |
| 82 |
> > > document. The infra supplemental document needs to then use the |
| 83 |
> > > phrase "must" in |
| 84 |
> > > place of "should" when informing readers to upload to two |
| 85 |
> > > different |
| 86 |
> > > locations. |
| 87 |
> > |
| 88 |
> > ...and what have you done to resolve the problem, except for making |
| 89 |
> > oververbose complaints and demands in middle of some random thread? |
| 90 |
> |
| 91 |
> If you think he's being unhelpful, maybe suggest ways of contributing |
| 92 |
> that would be more helpful. There's no need for this snippy reply. |
| 93 |
> |
| 94 |
|
| 95 |
Are you suggesting that a developer with almost 10 years of experience |
| 96 |
in Gentoo doesn't know how to file a bug? The likeliness of me reading |
| 97 |
that particular mail in middle of the thread was really low. |
| 98 |
|
| 99 |
-- |
| 100 |
Best regards, |
| 101 |
Michał Górny |
Archives