[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Planned changes to Debian Maintainer uploads

Ansgar Burchardt dijo [Sun, Jun 10, 2012 at 01:57:49PM +0200]:
> Hi,
> (Please send followup messages to -project.)
> The ftp team wants to change how allowing Debian Maintainers to upload
> packages works.  The current approach with the DM-Upload-Allowed field
> has a few issues we would like to address:
> (...)


Hmm, this looks interesting, and useful. I'd like to add a bit as a
wishlist item: Having this DB easily queriable (i.e. a webpage where
you can query by key to see all the packages uploadable by a given

And just thinking about possible complications: I *hope* we don't see
any such behaviour, but this format would allow a DD to "censor" a
given DM's activity. If I send "Deny" actions with somebody's key, it
ends up blocking that person until somebody else is convinced to send
corresponding "Allow" commands. Of course, if we see any such
behaviour (repeatedly?), I might be reprehended and maybe even locked
out of sending requests to this subsystem. Thoughts on this?

Finally, it's interesting to me (as keyring-maint) that you are
specifying the fingerprint. Of course, it makes sense. But it can make
key migration (i.e. a DM moving from a 1024D to a 4096R key, or
reacting to a key being compromised) as a more difficult thing, as the
new key would first have to be inserted by us into the live keyring
and only then the old key denied and the new one allowed. I guess we
could automate this procedure when performing the keyring push...

Anyway, and modulo the time it takes to implement all the needed bits
(and discussion), thanks for a nice new idea, and hope to see it go

Attachment: signature.asc
Description: Digital signature

Reply to: