DM upload permissions in detail
Hi there,

I've asked this question on debian-mentors before, but the people
involved in this process might be better reached through d-d, so I
hope you don't mind, as I got no answer there so far.

I was wondering what the exact requirements for DM uploads to the Debian
archive are. The wiki says [1]:
"Packages signed by a key in the debian-maintainers keyring will be
accepted if the [..] the previous version of the package contains this
maintainer's primary UID"
Now, what exactly is meant by primary UID? The primary GPG UID? If yes,
am I right in assuming that signing a package with a non-primary GPG UID,
or even more so with a sub key, won't work to fulfill DM upload rights?

I took a look at the dak source:
        fpr = get_fingerprint(self.pkg.changes['fingerprint'], session=session)
    ...
    def check_dm_upload(self, fpr, session):
    ...
        rej = False
    ...
        # uploader includes the maintainer
        accept = False
        for uploader in r.uploaders:
            (rfc822, rfc2047, name, email) = uploader.get_split_maintainer()
            # Eww - I hope we never have two people with the same name in Debian
            if email == fpr.uid.uid or name == fpr.uid.name:
                accept = True
                break
This seems to support my assumption, as only a single UID, i.e. the first
UID of the fingerprint, is verified for DM upload permissions. Given that,
the following fictional key would not work:
    pub   1024D/.... 2004-07-07
          Key fingerprint = ... ... ... ... ...
    uid   John Doe <john@example.com>
    uid   John Doe <john@example.net>
    sub   1024g/... 2004-07-07
    sub   4096R/... 2011-01-01
    sub   4096R/... 2011-01-01
when the 4k sub key together with the example.net UID would be used to
sign packages, right? That would be bad and a purely artificial
constraint. On the other hand, good to know now, before I actually tried
to get DD signatures for that key ;)
[1] http://wiki.debian.org/DebianMaintainer
--
with kind regards,
Arno Töll
GnuPG Key-ID: 0x8408D4C4
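Added example, not part of the original post and not dak code: a small model of the `email == fpr.uid.uid or name == fpr.uid.name` condition from the quoted loop, run against constructed Uploaders values. It assumes one email/name pair is stored per fingerprint (as `fpr.uid` suggests); `Uid`, `split_uploaders`, `dm_match` and `run_cases` are hypothetical names.

```python
from collections import namedtuple
from email.utils import getaddresses

# Assumption: one (email, name) pair is stored per fingerprint, as fpr.uid suggests.
Uid = namedtuple("Uid", ["uid", "name"])


def split_uploaders(field):
    """Hypothetical stand-in for get_split_maintainer(): (name, email) pairs."""
    return [(n.strip(), a.strip()) for n, a in getaddresses([field]) if a]


def dm_match(stored, uploaders_field):
    """Return the clause that accepts ('email' or 'name'), or None if rejected."""
    for name, email in split_uploaders(uploaders_field):
        if email == stored.uid:
            return "email"
        if name == stored.name:
            return "name"
    return None


# Constructed data: the stored UID and the Uploaders field of a previous upload.
STORED = Uid("john@example.com", "John Doe")
CASES = {
    "same email": "Jane Roe <jane@example.org>, John Doe <john@example.com>",
    "other email, same name": "John Doe <john@example.net>",
    "other email, other name": "Jon Doe <john@example.net>",
    "different person, same name": "John Doe <jd@example.org>",
}


def run_cases():
    """Evaluate every constructed case against the stored UID."""
    return {label: dm_match(STORED, field) for label, field in CASES.items()}


if __name__ == "__main__":
    for label, clause in run_cases().items():
        verdict = "accept via " + clause if clause else "reject"
        print(f"{label:30} -> {verdict}")
```

In this model the name clause alone accepts the second and fourth cases, which is the collision the quoted "Eww" comment refers to.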