On Tue, May 14, 2013 at 02:27:51PM +0200, Olivier Berger wrote: > >>> Nah, the webinterface just should end up like the DAM webinterface: You > >>> do whatever you need, then click a button - and voila, there is > >>> everything ready to copy/paste into a MUA. Send with sig, done. > > > >> Why? This is just a band-aid and not what I would call a web interface. > >> And except lazyness I don't see a good reason for that. Web interfaces > >> can be secure (and with an audit trail in case of breach). After all we > >> can manage our Debian passwords over a web interface... > > > > That level of security isn't great, though. GPG keys are much more secure > > than that password. What we would want for equivalent security in a web > > interface is personal X.509 certificates. > > > > WebID [0] could be useful in this respect. It includes the use of SSL > certs for authentication, in addition to other benefits (see some > discussion in the thread at [1]). > Or, we can just add this to dcut, like with DM permissions, and move on with all of our lives -- I mean, we're using this tool to push stuff, it seems sane to keep it all in one place, anyway. Once the format is nailed down, I'll add this to dput-ng. Right. Cheers, Paul -- .''`. Paul Tagliamonte <paultag@debian.org> : :' : Proud Debian Developer `. `'` 4096R / 8F04 9AD8 2C92 066C 7352 D28A 7B58 5B30 807C 2A87 `- http://people.debian.org/~paultag
Attachment:
signature.asc
Description: Digital signature