Steffen Möller writes ("Re: Auto-update for sid? Auto-backport?"):
> On 18.11.17 01:12, Jeremy Bicha wrote:
> But you are right, an external service is a safe bet as a first start that
> we do not need to vote about - nor would I need to ask ;) However,
> any such automation is something, if brought closer to Debian, that
> has the potential to change us quite a bit. I felt that more than one
> individual should be involved and at least should I myself be the
> one to set it up, I would want (most of) you (all) to want it.Personally, I think this general direction has so much potential that it might even become so good that I would use it for packages for which I am myself the upstream. For now, though, the right next step is to probably have a general purpose automatic thing running on DSA infrastructure, with enough compartmentalisation between different packages that it doesn't have to trust them all. As for automatically uploading to Debian: we already have the right technical infrastructure in the core parts of the project. It's very simple, conceptually: we make a trusted "approval" machine which: verifies upstream signatures and source code operations, based on information in the existing version of teh package in sid automatically makes a signature on the source-only upload using its own gpg key does dput And the upload goes through because the auto-puller's gpg key is in the DM keyring the auto-puller's service name and email address is in the Uploaders for the package the package has DM uploads enabled Oh, I have one more wishlist item: pls make it use dgit for its uploads kthxbye. Ian. -- Ian Jackson <ijack...@chiark.greenend.org.uk> These opinions are my own. If I emailed you from an address @fyvzl.net or @evade.org.uk, that is a private address which bypasses my fierce spamfilter.
