Mentors upload authentication
Based on discussion about making mentors official, one of the key
requirements is contributor DMUP agreement and upload authentication.
One thought I had recently was to move the file hosting functionality
over to alioth, which already has the necessary authentication
infrastructure. The process from a contributor's perspective then
would be something like:
1. Contributor creates alioth account and signs DMUP (of course needs
alioth to require DMUP signing for -guest accounts first,
which probably needs to be done there anyway)
2. Contributor [creates and] uploads public key to alioth
3. Contributor uploads their packages over ssh using public key auth,
thus populating dirs like http://alioth.debian.org/~gilbert-guest. A
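dput.cf for this configuration looks something like this:
    # section name is a placeholder; dput.cf needs one [name] per host
    [alioth-guest]
    fqdn = vasks.debian.org
    incoming = public_html/unstable
    progress_indicator = 2
    # upload over ssh, authenticated with the contributor's public key
    method = scp
    # refuse to upload packages without a GnuPG signature
    allow_unsigned_uploads = 0
    allowed_distributions = (.*)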
4. debexpo scrapes and parses all packages found in -guest account
dirs, then presents info on its pages mostly like it currently does
5. Contributor then sends sponsorship-requests mail with references
to their packages on alioth.
This makes debexpo/mentors itself quite a bit simpler, and reuses
existing infrastructure, both of which I think are good goals.
Anyway, just a crazy idea I wanted to get out there.
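The two settings in the dput.cf above that carry the authentication (method and allow_unsigned_uploads) can be inherited from a [DEFAULT] section, so a stanza that omits them may silently fall back to weaker values. The following check is an added example, not part of the original message or of dput/debexpo; the stanza names, the anon-ftp host and the set of SSH-backed methods are assumptions.

```python
import configparser

# Assumption: these dput methods run over ssh and so use public key auth.
SSH_METHODS = {"scp", "sftp", "rsync"}

# Constructed sample: the stanza from the message under a placeholder name,
# a weak [DEFAULT], and a stanza that inherits everything from it.
SAMPLE = """\
[DEFAULT]
method = ftp
allow_unsigned_uploads = 1

[alioth-guest]
fqdn = vasks.debian.org
incoming = public_html/unstable
progress_indicator = 2
method = scp
allow_unsigned_uploads = 0
allowed_distributions = (.*)

[anon-ftp]
fqdn = upload.example.org
incoming = /pub/incoming
"""

def audit_dput_cf(text):
    """Return {stanza: [findings]}; an empty list means both checks passed."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    report = {}
    for name in cp.sections():      # [DEFAULT] is inherited, never listed
        host = cp[name]
        findings = []
        method = host.get("method", "ftp").strip().lower()
        if method not in SSH_METHODS:
            findings.append(f"method={method}: uploader is not key-authenticated")
        try:                        # a missing or unparsable value counts as unsafe
            unsigned = host.getboolean("allow_unsigned_uploads", fallback=True)
        except ValueError:
            unsigned = True
        if unsigned:
            findings.append("allow_unsigned_uploads on: unsigned uploads allowed")
        report[name] = findings
    return report

if __name__ == "__main__":
    for stanza, findings in audit_dput_cf(SAMPLE).items():
        print(stanza, findings or "OK")
```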