Wednesday, 16 October 2024

Re: Validation of keyring changes [was: Enhancing cross-distro collaboration via foreign archive keyring] availability

On Wed, Oct 16, 2024 at 08:48:25AM -0400, Neal Gompa wrote:
> Question then: what makes archlinux-keyring or debian-*-keyring
> packages different from distribution-gpg-keys? Shouldn't both of them
> get kicked out of the Ubuntu archive for the same reason?

This is not a valid comparison. I already covered this in a previous
reply[1]. Note though that I made no suggestion that any package should
get "kicked out". I was only referring to SRUs.

On Wed, Oct 16, 2024 at 01:59:18PM +0100, Luca Boccassi wrote:

[reordered to keep the same threads together]

> Also I'll note that _no other package_ (including other keyrings) are
> subject to these same restrictions, so it seems very, very strange
> that somehow only my use case should be subject to this treatment.

This is not a valid comparison. I already covered this in a previous
reply[1].

On Wed, Oct 16, 2024 at 01:59:18PM +0100, Luca Boccassi wrote:
> Thanks for sharing your opinion. I'll note that there were several
> others who also shared theirs, and they agreed with my proposal, there
> were no other objections so far.

Ubuntu does not make decisions by popular vote, and generally Ubuntu
developers with concurring opinions do not vote. The lack of supporting
voices therefore does not imply that there aren't any. I do not speak
for Ubuntu alone of course. See the Ubuntu Code of Conduct[2] (perhaps a
misnomer here since I'm not referring to "conduct") for details of how
decisions are made in Ubuntu.

[1] https://lists.ubuntu.com/archives/ubuntu-devel/2024-September/043129.html
[2] https://ubuntu.com/community/ethos/code-of-conduct