On Tue, Aug 27, 2019 at 05:04:06PM -0700, Russ Allbery wrote: > Scott Kitterman <deb...@kitterman.com> writes: > > > As an example, I recall concerns about there not being an uploader > > signature on the source anymore, so we would lose the ability to verify > > from the archive who was responsible for the upload. > > Does anyone do this? Does it work today? > > I'm dubious that you would be able to successfully verify all of the > archive from *.dsc signatures now. Maybe you would be able to verify the > pieces that are the most important to you, though? > > I think this requirement is a bit incomplete, in that I don't understand > the use case that would lead you to want to do this. It's more of a > description of an implementation strategy than a use case, which makes it > hard to find other ways of accomplishing the same use case.
Not sure if I understood this correctly, but the MIA team (via echolon?) uses the information to tell us if there is an upload from a prossible MIA person. (IOW the person is still active.) I also use who-uploads occasionally to see if a sponsor knows about where-abouts of some possible MIA persons. > -- > Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/> >
