
Re: Planned changes to Debian Maintainer uploads



Ansgar Burchardt wrote [Sun, Jun 10, 2012 at 01:57:49PM +0200]:
> Hi,
> 
> (Please send followup messages to -project.)
> 
> The ftp team wants to change how allowing Debian Maintainers to upload
> packages works.  The current approach with the DM-Upload-Allowed field
> has a few issues we would like to address:
> (...)

Hi,

Hmm, this looks interesting, and useful. I'd like to add a bit as a
wishlist item: Having this DB easily queryable (i.e. a webpage where
you can query by key to see all the packages uploadable by a given
key). 

And just thinking about possible complications: I *hope* we don't see
any such behaviour, but this format would allow a DD to "censor" a
given DM's activity. If I send "Deny" actions with somebody's key, it
ends up blocking that person until somebody else is convinced to send
corresponding "Allow" commands. Of course, if we see any such
behaviour (repeatedly?), I might be reprehended and maybe even locked
out of sending requests to this subsystem. Thoughts on this?

Finally, it's interesting to me (as keyring-maint) that you are
specifying the fingerprint. Of course, it makes sense. But it can make
key migration (i.e. a DM moving from a 1024D to a 4096R key, or
reacting to a key being compromised) a more difficult thing, as the
new key would first have to be inserted by us into the live keyring
and only then the old key denied and the new one allowed. I guess we
could automate this procedure when performing the keyring push...

Anyway, and modulo the time it takes to implement all the needed bits
(and discussion), thanks for a nice new idea, and hope to see it go
forward!
