Hello, On Mon 11 Aug 2025 at 04:30pm +01, Ian Jackson wrote:
> Sean, we should think about this some more. > > I think at the very least we ought to try to record some information > about who is likely to have been the instigator of a tag, in the debug > log. One thing that is extremely bizarre right now is that the logs > contain the whole deserialised tag data *only* if the tag is NotForUs! > If we make a job out of it we discard that data. This is > straightforward and I have filed t2usm#31 in salsa for that. > > Currently we only send emails from the oracle, so we don't send any > email if a job fails before then. This UX doesn't seem ideal. > > Looking at the test data in our repo (which came from a real webhook) > I can see: > > We do have `user_id`, `user_name` and `user_username` which I think > are the gitlab account which was used for the ref update. The email > address is the literal string "[REDACTED]" so is no use. > > We have the tag *body* but this does not contain the `tagger` git > header line. (Likewise we have the message part of the tagged commit, > which also doesn't contain git-header-level metadata, although in this > case it happens to contain a `Signed-off-by`.) So we have *no* > git-level attribution. If the repository is inaccessible, as it is > here, we can't obtain the git-level header. I think that it would be a good idea to have tag2upload-service-manager e-mail the mailing list in the case of a tag like this where it doesn't get to the point of passing it along to the Oracle. > We could have t2usm have a gitlab account, which would enable it to > make an API call to a URL like > https://salsa.debian.org/api/v4/users/193 > which (if we're lucky) will give us a public email. > > I'm not sure I relish the idea of teaching t2usm how to log into > gitlab but it maybe the least bad option. It's probably some oauth > nightmare. I don't think it has to login. We just generate an API key for it. It may also be possible to grant the service API access-by-IP-address. > So, Sean, LMK what you think. (I think we should use Salsa tickets > for things which are purely t2usm changes, since we can do "close bug > with MR" there. If we use the BTS we have no integration with our > source code.) Yes. -- Sean Whitton
signature.asc
Description: PGP signature
_______________________________________________ Pkg-go-maintainers mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-go-maintainers
