
Re: Revival of the signed debs discussion



Andreas Barth <aba@not.so.argh.org> writes:

> * Wouter Verhelst (wouter@grep.be) [031203 23:10]:
> > On Wed 03-12-2003, at 10:09, Andreas Barth wrote:
> > > > > file back signed by the build admin. The Debian archive scripts
> > > > > accept packages signed by a buildd-key only if it is a binary package
> > > > > for this architecture, the key is valid (i.e. in the right year), and
> > > > > this package has been handed out to this autobuilder for building.
> > > > 
> > > > Valid for the autobuilder the package has been handed to and that sent
> > > > it in and if the changes file is correct.
> > > > 
> > > > But what if the buildd failed and someone manually builds the deb,
> > > > signs it and uploads? The Debian archive scripts would need a way to
> > > > distinguish between autobuilt packages and manually built binary-only
> > > > uploads.
> > 
> > I don't see why that would be the case. Could you elaborate?
> >
> > > The archive script would of course continue to accept any deb by any
> > > DD under the same conditions as today. The question to the
> > > buildd-admins is: How often does this happen?
> > 
> > Hardly ever, if at all. Most "manual" bin-NMUs are done by people that
> > are not buildd admins.
> 
> I don't understand what you mean. Perhaps it would be best if I try to
> rephrase my ideas:
> 
> The archive scripts accept a package currently if the following
> conditions are met:
> * There is a signed changes file for the debs by a DD
> 
> These would be hardened to the following:
> * There is a signed changes file for the debs by a DD
> * The debs are signed
>   - by a DD
>   or
>   - by a buildd, if this buildd was the one to build this package.

    or
    - by a buildd and by a DD (or the DD of the buildd)

If we can work the signing part out without making it more work.

> So, the archive scripts don't distinguish between autobuilt packages
> and manually built binary-only packages, but they look at the debs,
> and verify the signature. If the signature is by a DD, everything is
> ok. If the signature is by a buildd, they verify that the buildd
> had a job to build this deb.

That would be nice too I think.

> Ok?

Sounds ok but the upload rules can be tightened much much later. First
we have to get signing started, which means fixing apt-utils or
debsigs or preferably both. And of course change policy to
allow/suggest it.

Regards
        Goswin
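
The acceptance rule discussed in this thread, written out as an added example; it is not part of the original message and not the archive scripts' own code. Key ids, package names, the job table and all function names are hypothetical and constructed for illustration, and signature verification itself is assumed to have happened already.

```python
from dataclasses import dataclass

# Constructed sample data; key ids, package names and table layout are hypothetical.
DD_KEYS = {"DD-ALICE", "DD-BOB"}                      # developer keyring
BUILDD_KEYS = {"BUILDD-M68K": ("m68k", 2003),         # buildd key -> (arch, valid year)
               "BUILDD-ARM": ("arm", 2003)}
HANDED_OUT = {("hello", "2.1-1", "m68k"): "BUILDD-M68K"}  # job -> buildd it was given to

@dataclass(frozen=True)
class Deb:
    package: str
    version: str
    arch: str
    signers: frozenset      # key ids whose signature on the .deb already verified

def check_deb(deb, year):
    """Return (accepted, reason) for one .deb under the proposed rule."""
    if deb.signers & DD_KEYS:
        return True, "deb signed by a DD"
    reason = "deb carries no DD or buildd signature"
    # Try every buildd signature; one that satisfies all three conditions is enough.
    for key in sorted(deb.signers & set(BUILDD_KEYS)):
        arch, valid_year = BUILDD_KEYS[key]
        if valid_year != year:
            reason = f"{key}: key not valid in {year}"
        elif arch != deb.arch:
            reason = f"{key}: key is for {arch}, deb is {deb.arch}"
        elif HANDED_OUT.get((deb.package, deb.version, deb.arch)) != key:
            reason = f"{key}: package was not handed to this buildd"
        else:
            return True, "deb signed by the buildd that was given the job"
    return False, reason

def check_upload(changes_signer, debs, year):
    """Today's rule (changes file signed by a DD) plus the per-deb signature rule."""
    if changes_signer not in DD_KEYS:
        return False, "changes file not signed by a DD"
    for deb in debs:
        ok, reason = check_deb(deb, year)
        if not ok:
            return False, f"{deb.package}_{deb.version}_{deb.arch}: {reason}"
    return True, "accepted"
```

A manually built binary-only upload passes through the first branch of check_deb because the DD signs the deb directly, so no separate autobuilt/manual flag is needed.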


