Re: Debian upload monitor
On Thu, May 01, 2008 at 04:46:00PM -0400, Roberto C. Sánchez wrote:
> On Thu, May 01, 2008 at 05:58:40PM +0100, Enrico Zini wrote:
> > On Thu, May 01, 2008 at 05:25:16PM +0200, Thijs Kinkhorst wrote:
> > > Doesn't dak already send you an email when it processes an upload with your
> > > key? What exactly does this add on top of that functionality?
> > The problem is that it seems to be possible to craft an upload that will
> > send an email elsewhere so you won't notice it.
> How so? I'm sure the dak maintainers would like to know of this. My
> understanding is that dak does it like this:
> - extract ID of key used to sign upload
> - lookup ID in Debian keyring
Those things it does.
> - determine Debian account associated with key ID
> - send email to that Debian email (unless the uploader's email, as
> noted in the changelog entry, is one of the ones explicitly listed in
> the key)
That it does very recently in case of sponsored uploads, but not for
It will always mail to the address in Changed-By.
I think for normal source uploads it will also mail to the Maintainer,
but I'm not sure about that.