[pkg-go] tag2upload failure with golang-github-containerd-nri
Sean Whitton
spwhitton at spwhitton.name
Wed Aug 13 08:45:03 BST 2025
Hello,
On Mon 11 Aug 2025 at 04:30pm +01, Ian Jackson wrote:
> Sean, we should think about this some more.
>
> I think at the very least we ought to try to record some information
> about who is likely to have been the instigator of a tag, in the debug
> log. One thing that is extremely bizarre right now is that the logs
> contain the whole deserialised tag data *only* if the tag is NotForUs!
> If we make a job out of it we discard that data. This is
> straightforward and I have filed t2usm#31 in salsa for that.
>
> Currently we only send emails from the oracle, so we don't send any
> email if a job fails before then. This UX doesn't seem ideal.
>
> Looking at the test data in our repo (which came from a real webhook)
> I can see:
>
> We do have `user_id`, `user_name` and `user_username` which I think
> are the gitlab account which was used for the ref update. The email
> address is the literal string "[REDACTED]" so is no use.
>
> We have the tag *body* but this does not contain the `tagger` git
> header line. (Likewise we have the message part of the tagged commit,
> which also doesn't contain git-header-level metadata, although in this
> case it happens to contain a `Signed-off-by`.) So we have *no*
> git-level attribution. If the repository is inaccessible, as it is
> here, we can't obtain the git-level header.
I think that it would be a good idea to have tag2upload-service-manager
e-mail the mailing list in the case of a tag like this where it doesn't
get to the point of passing it along to the Oracle.
> We could have t2usm have a gitlab account, which would enable it to
> make an API call to a URL like
> https://salsa.debian.org/api/v4/users/193
> which (if we're lucky) will give us a public email.
>
> I'm not sure I relish the idea of teaching t2usm how to log into
> gitlab but it maybe the least bad option. It's probably some oauth
> nightmare.
I don't think it has to login. We just generate an API key for it.
It may also be possible to grant the service API access-by-IP-address.
> So, Sean, LMK what you think. (I think we should use Salsa tickets
> for things which are purely t2usm changes, since we can do "close bug
> with MR" there. If we use the BTS we have no integration with our
> source code.)
Yes.
--
Sean Whitton
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 869 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-go-maintainers/attachments/20250813/8001ceac/attachment.sig>
More information about the Pkg-go-maintainers
mailing list