
Authentication with LP for DD's using gnupg



> On Sun, Jul 27, 2008 at 03:58:57PM +0100, Neil Williams wrote:
> > > > * Reinhard Tartler [Wed, Jul 23 2008, 04:36:39PM]:
> > > >> > How about activating it the first time they send a gpg-signed
> > > >> > mail to the mail interface?
>
> > How about simply allowing any DD to send gpg-signed email to add
> ^^
>
> That requires LP to know who is or isn't a DD. Currently it has no
> such knowledge, and I think it would require a fair amount of
> discussion to decide how best to get such information, with a
> none-too-elegant outcome (special-casing Debian out of all the
> projects in the world that Launchpad seeks to interface with), which
> is why I didn't suggest this.

As mentioned in other replies, Debian is a special case for Ubuntu IMHO.

> That doesn't mean that the Launchpad developers won't implement it;
> perhaps the bug Scott filed will bear fruit. But I think it's worth
> considering other solutions in the meantime.

Had an idea last night:

What about the .dsc files?

.changes files are lost (so we don't have access to the Changed-By:
field) but .dsc is retained in the Debian pool and therefore available
to the Ubuntu sync process. The .dsc exists for all packages.

It would be relatively simple to process the .dsc:

1. gpg verify the .dsc
2. parse the output to get the ID list
3. Compare the ID list against the Maintainer and Uploader control fields.
4. If there is a match, add that GnuPG key as an authenticated DD for
the purposes of bug reports - accept any email signed by that GnuPG key
into the bug email system.

This excludes sponsored packages (which is probably correct), it
excludes NMUs (which is probably fine too). It works on the basis that
the signature has been accepted by dak in the first place. Removals
might have to be manual - although it could be possible to track the
number of packages assigned to each key and remove if that number falls
to zero?

Is that sufficient to identify a DD? It's not bulletproof and it might
exclude some, but this is only for a website login; it's not as if this
method authenticates a DD to modify Ubuntu itself.

-- 
Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
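The four-step .dsc check proposed in the message above, written out as an added example (not code from the mail, nor from Launchpad or dak). It parses the machine-readable status lines gpg prints with --status-fd, pulls the Maintainer and Uploaders addresses out of a clearsigned .dsc, and reports only the fingerprints of keys whose GOODSIG uid address matches one of them. The sample status output, the sample .dsc and the keyring path are constructed placeholders; the real-gpg wrapper at the end assumes gpg is on PATH and is not run offline.

```python
"""Added illustration of the .dsc-based DD identification proposed in the mail.
Not code from the mail, Launchpad or dak. Sample data below is constructed."""
import subprocess
from email.utils import getaddresses

# Per-signature status tokens gpg emits on --status-fd (GnuPG doc/DETAILS).
# Only GOODSIG followed by its VALIDSIG counts; expired, revoked, bad or
# unverifiable signatures must never be able to grant a login.
_SIG_TOKENS = {"GOODSIG", "BADSIG", "EXPKEYSIG", "REVKEYSIG", "EXPSIG", "ERRSIG"}
_ARMOR_START = "-----BEGIN PGP SIGNED MESSAGE-----"
_ARMOR_SIG = "-----BEGIN PGP SIGNATURE-----"


def parse_gpg_status(status_text):
    """Step 2: one dict (keyid, uid, fingerprint) per good signature."""
    signers, current = [], None
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split(" ", 3)  # ["[GNUPG:]", TOKEN, arg1, rest]
        token = fields[1]
        if token in _SIG_TOKENS:
            current = None  # a new signature starts here
            if token == "GOODSIG" and len(fields) == 4:
                current = {"keyid": fields[2], "uid": fields[3], "fingerprint": None}
                signers.append(current)
        elif token == "VALIDSIG" and current is not None:
            current["fingerprint"] = fields[2]  # full fingerprint of signing key
    return [s for s in signers if s["fingerprint"]]


def parse_dsc_fields(dsc_text):
    """Control fields of a (possibly clearsigned) .dsc as {field: value}.

    Strips the clearsign armour, undoes dash-escaping and joins folded
    continuation lines (those starting with whitespace)."""
    lines = dsc_text.splitlines()
    if lines and lines[0] == _ARMOR_START:
        while lines and lines[0].strip():  # drop armour headers ("Hash: ...")
            lines.pop(0)
        if lines:
            lines.pop(0)  # the blank line ending the armour header
    fields, last = {}, None
    for line in lines:
        if line == _ARMOR_SIG:
            break
        if line.startswith("- "):
            line = line[2:]
        if line[:1] in (" ", "\t") and last:
            fields[last] += " " + line.strip()
        elif ":" in line:
            last, value = line.split(":", 1)
            fields[last] = value.strip()
    return fields


def control_addresses(fields):
    """Lower-cased e-mail addresses from the Maintainer and Uploaders fields."""
    raw = [fields.get("Maintainer", ""), fields.get("Uploaders", "")]
    return {addr.lower() for _, addr in getaddresses(raw) if addr}


def identify_dd(status_text, dsc_text):
    """Steps 3-4: fingerprints of good signatures whose uid matches the control file.
    A sponsor signing someone else's package yields no match, as the mail intends."""
    allowed = control_addresses(parse_dsc_fields(dsc_text))
    matched = []
    for signer in parse_gpg_status(status_text):
        uid_addrs = {a.lower() for _, a in getaddresses([signer["uid"]]) if a}
        if uid_addrs & allowed:
            matched.append(signer["fingerprint"])
    return matched


def verify_dsc(dsc_path, keyring="/path/to/debian-keyring.gpg"):
    """Step 1 on a real file: verify against a DD keyring only (placeholder path).
    Restricting the keyring is what ties 'good signature' to 'is a DD'."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--no-default-keyring",
         "--keyring", keyring, "--verify", dsc_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, check=False)
    with open(dsc_path, encoding="utf-8", errors="replace") as fh:
        return identify_dd(proc.stdout.decode("utf-8", "replace"), fh.read())


# Constructed sample data: what gpg would print for one good signature, and a
# minimal clearsigned .dsc (the armoured signature body is a placeholder).
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Developer <dd@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2008-07-27 1217170737 0 4 0 17 2 01 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_FULLY
"""
SAMPLE_DSC = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.0
Source: example
Version: 1.0-1
Maintainer: Example Developer <dd@example.org>
Uploaders: Second Dev <second@example.org>,
 Third Dev <third@example.org>
Standards-Version: 3.8.0
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

PLACEHOLDERSIGNATUREBODY
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    print(identify_dd(SAMPLE_STATUS, SAMPLE_DSC))
```

Two points the message leaves implicit are made explicit here: gpg is pointed at a dedicated keyring rather than the verifier's default one, so a "good" signature is only ever from a key that is already in that keyring, and anything other than a GOODSIG (expired or revoked keys, bad signatures, unknown keys) is discarded before the address comparison is even attempted.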

