[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Mentors upload authentication

Based on discussion about making mentors official, one of the key
requirements is contributor DMUP agreement and upload authentication.

One thought I had recently was to move the file hosting functionality
over to alioth, which already has the necessary authentication
infrastructure.  The process from a contributors perspective then
would be something like:

1.  Contributor creates alioth account and signs DMUP (of course needs
alioth to require DMUP signing requirement for -guest accounts first,
which probably needs to be done there anyway)
2.  Contributor [creates and] uploads public key to alioth
3.  Contributor uploads their packages over ssh using public key auth,
thus populating dirs like http://alioth.debian.org/~gilbert-guest.  A
dput.cf for this configuration looks something like this

   fqdn = vasks.debian.org
   incoming = public_html/unstable
   progress_indicator = 2
   method = scp
   allow_unsigned_uploads = 0
   allowed_distributions = (.*)

4.  debexpo scrapes and parses all packages found in -guest account
dirs, then presents info on its pages mostly like it currently does
5.  Contributor then sends sponsorship-requests mail with references
to their packages on alioth.

This makes debexpo/mentors itself quite a bit simpler, and reuses
existing infrastructure.  Both of which I think are good goals.

Anyway, just a crazy idea I wanted to get out there.


Reply to: