[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Keyring handling for new archive software



On Tuesday 07 March 2006 18:59, Martin Zobel-Helas wrote:
> For now we have set it up that the 'ftpmasters' need to be notified by
> drift@ to add a new person to this keyring.
>
> I would advise to move that completly to drift@, as it's drift's duty to
> add new accounts anyway. Additional to login-name and password-hash the
> gpg key-id will then also be requested by drift@.
>
> ftpmasters then would setup some kind of keyring sync, and would be
> complete out of duty on that.
>
> I would like to hear some comments on this idea.
> We could also just process as its curently implemented, but as we are
> still in early phase of the setup, changes are easier to do.
Hi Martin

Yes you are mentioning an interesting topic.
Your fear is that the ftpmasters have also the power over the keyring.
Well it might be my mistake. Werner and me worked a bit on a 
Debian-Edu/Skolelinux Archive policy.
I did not commit it into the wiki, so my mistake.
There we made clear that *only* drift is able to decide about accounts.
I think we will include more information in your status email in two or three 
hours.
For now it is true that the ftpmasters can add a key to the keyring and give 
upload rights. Most of the ftpmasters are also drift members and I personally 
can say that *I* would never add a key to the keyring!
Only if drift would advice me to do so, but they can do it alone, because they 
have access to sabine (the skolelinux account creation script).
Leaving this discussion for drift and keep on working on dak setup.

Greetings
Steffen

Attachment: pgp4fb0CCuyJf.pgp
Description: PGP signature


Reply to: