
Re: tag2upload (git-debpush) service architecture - draft



Hi Ian

On Wed, Jul 24, 2019 at 02:56:22AM +0100, Ian Jackson wrote:
> We've had a number of peripheral conversations, and informal
> internal reviews, but I think it's the stage now to have a public
> design review etc.  I'm CCing this to -devel because I just did a
> lightning talk demo of the prototype and IME many people are
> interested in these kinds of questions.

We discussed a bit within the ftp team and several points came up.  The
following describes my interpretation of it:

The archive will need to do the final validation to check if an upload
is accepted.  The uploader's signature would need to be added to the
source package to allow checking the validity also in the future.  We
already retain all user signatures of source packages in the archive and
such a proposed service must provide the same level of possible
verification.

The signature needs to be collision resistant and needs to be verifiable
with only the stuff included into the source package.  The git object
checksums don't suffice anymore due to SHA1.  And as the world moves
towards SHA3, it will need to have the ability to follow.  The output of
all operations obviously needs to be reproducible to be signed.

I don't know if any of this requires a new dpkg source format to
implement properly.

The service still might need credentials of its own, but no permissions
will be attached to it.  And whatever you do, don't use Perl as
implementation language.

I would like to have such a service.  However it would have been nice
for you to talk about the verification requirements before you ask for a
key and a way to circumvent the archive upload checks and restrictions.

Regards,
Bastian

-- 
	"We have the right to survive!"
	"Not by killing others."
		-- Deela and Kirk, "Wink of An Eye", stardate 5710.5
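The verification requirements Bastian lists (a collision-resistant hash, checkable from nothing but what ships in the source package, able to move from SHA-2 to SHA-3, and reproducible output) can be illustrated with a small hash manifest. The code below is an added example written for this page, not code from the tag2upload/git-debpush project or from dpkg; the tarball contents, the `Hash-Algorithm` header and the manifest layout are constructed for illustration and are not the real `.dsc` format. It builds a tarball with fixed metadata so two runs give identical bytes, writes a manifest that names its own hash algorithm, and verifies the extracted files against that manifest using only data inside the package. The detached signature an uploader would place over such a manifest is left out, since Python's standard library has no asymmetric signing.

```python
import hashlib
import io
import tarfile

# Constructed sample "source package" contents; not a real Debian package.
SAMPLE_FILES = {
    "hello-1.0/debian/control": b"Source: hello\nMaintainer: Example <example@example.invalid>\n",
    "hello-1.0/hello.c": b"int main(void) { return 0; }\n",
}


def build_tarball(files):
    """Pack files into a tar archive with fixed metadata (mtime, owner, order)
    so that the same input always yields byte-identical output."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in sorted(files):
            data = files[name]
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = 0
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def extract_files(tar_bytes):
    """Read regular files back out of a tarball into a name -> bytes mapping."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            if member.isfile():
                out[member.name] = tar.extractfile(member).read()
    return out


def make_manifest(files, algo="sha256"):
    """Produce a manifest that records which hash it used (hypothetical
    'Hash-Algorithm' header), so a later move to e.g. sha3_256 needs no
    format change.  One line per file: <digest> <size> <name>."""
    lines = [f"Hash-Algorithm: {algo}"]
    for name in sorted(files):
        digest = hashlib.new(algo, files[name]).hexdigest()
        lines.append(f"{digest} {len(files[name])} {name}")
    return "\n".join(lines) + "\n"


def verify_manifest(manifest, files):
    """Check every file in the package against the manifest and reject extra,
    missing, resized or modified files.  Needs nothing outside the package."""
    lines = manifest.splitlines()
    if not lines:
        return False
    header, _, algo = lines[0].partition(": ")
    if header != "Hash-Algorithm" or algo not in hashlib.algorithms_available:
        return False
    seen = set()
    for line in lines[1:]:
        digest, size, name = line.split(" ", 2)
        if name not in files:
            return False
        data = files[name]
        if int(size) != len(data) or hashlib.new(algo, data).hexdigest() != digest:
            return False
        seen.add(name)
    # Files present in the package but absent from the manifest are unsigned.
    return seen == set(files)


if __name__ == "__main__":
    tarball = build_tarball(SAMPLE_FILES)
    manifest = make_manifest(extract_files(tarball), "sha3_256")
    print(manifest)
    print("verified:", verify_manifest(manifest, extract_files(tarball)))
```

Because the manifest carries its algorithm name, the verifier side can accept `sha256` today and `sha3_256` later without a new format; rejecting unknown algorithm names (rather than falling back to a default) is what keeps a downgrade to a weak hash from slipping through.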

