Hi, (Please send followup messages to -project.) The ftp team wants to change how allowing Debian Maintainers to upload packages works. The current approach with the DM-Upload-Allowed field has a few issues we would like to address: - It applies to all DMs listed as Maintainer/Uploaders. It is not possible to grant upload permission to only a specific DM. - It is tied to the source package so can only be changed with a sourceful upload. - It allows DMs to grant permissions to other DMs. We plan to instead implement an interface where developers upload a signed command file to ftp-master to grant upload permissions instead, similar to dcut. This could end up looking similar to this: --8<---------------cut here---------------start------------->8--- Archive: ftp.debian.org Action: dm Fingerprint: [...] Allow: a-source another-source Deny: yet-another-source Reason: We want people to say why they changed that. Action: dm Fingerprint: [...] Allow: yet-another-source Reason: ... --8<---------------cut here---------------end--------------->8--- Here "Allow" would add additional packages to the list of packages the Debian Maintainer (identified by his key fingerprint) may upload. "Deny" would be used to revoke this permission again[1]. Any DD may use this to grant/revoke upload permissions to existing packages (ie. at least in NEW); referring to non-existing packages will be an error (at least for Allow). [1] Having the same package in both Allow and Deny at the same time would result in revoking permissions. The "Archive" field is to prevent forwarding the commands file to another dak installation. Granting upload permissions for backports.d.o will require sending a commands file explicitly to backports-master. We will also drop the check that the DM is in Uploaders of the previous version and Changed-By of the current version. This has caused problems for DMs that have multiple uids attached to their key in the past. (This technically allows DMs to sponsor uploads to packages they have upload permissions for and to grant upload permissions to packages the DM does not maintain (yet). This should not be abused.) Please note that we currently do not know when we might get around to implement these changes. Ansgar for the ftp team
Attachment:
pgpfX4mUHP9qL.pgp
Description: PGP signature