Holger Levsen <hol...@layer-acht.org> writes: > On Wed, Dec 11, 2024 at 06:58:28PM +0100, Simon Josefsson wrote: >> > fine with me, but maybe >> > https://qa.debian.org/developer.php?login=in-toto-dev%40googlegroups.com >> > would be better? I'm fine with either, please do what you think is >> > more appropriate. >> Happy to, but it also looks like a small team with no written down >> process for how to apply for group membership or packaging workflow. > > right. > >> There is also no Salsa group in use for it. Okay if I move >> python-securesystemslib to Salsa /debian/ namespace, change Maintainer >> to in-toto and add myself as Uploaders? Then I can cleanup remaining >> issues and fix Vcs-* URLs. Or just the 'Debian QA Group'. > > I definitly prefer either the Debian group or the Debian Python team > and would let you choose. I dislike moving the package to the Debian QA > Group however.
I have moved my repository to the Python team (cc'ed). I'm monitoring testing migration, and hope to eventually do another upload from this repository to clean up some metadata (see recent commits). https://salsa.debian.org/python-team/packages/securesystemslib This package is a dependency for python-tuf which is a dependency for python-sigstore and https://www.python.org/downloads/metadata/sigstore/ is likely to trigger interest from the Debian python community. I don't feel strongly about any of this, and I'm hoping I'm not stepping on anyones toes with this upload -- let me know if you want to revert anything, or prefer something else. I barely know python, TUF, Sigstore or Debian packaging either, so these packages need help. I realized one problem with using the in-toto-dev package group: it seems to be a closed mailing list, and I recall trying to send e-mail to that list before without any response, so maybe the Googlegroups is configured with limited public posting rights. /Simon
signature.asc
Description: PGP signature
