Tobias Frost <t...@debian.org> writes: > Not sure if I understood this correctly, but the MIA team (via echolon?) > uses the information to tell us if there is an upload from a prossible > MIA person. (IOW the person is still active.) > I also use who-uploads occasionally to see if a sponsor knows about > where-abouts of some possible MIA persons.
One of the things I'm trying to understand is if the cryptographic signature part is important, or if metadata about who uploaded a package last without a cryptographic binding to the *.dsc file would solve the same use case. For who-uploads, I think you just need a trusted metadata store somewhere, and recovering this from the PGP signatures on *.dsc files is not a great trusted metadata store (among other things, it's tedious and complicated to search). The cryptographic binding becomes important if we for some reason don't trust archive upload records maintained by DAK, and I'm not sure of a use case for that. -- Russ Allbery (r...@debian.org) <http://www.eyrie.org/~eagle/>
