Re: [RFC] General Resolution to deploy tag2upload

To: Ian Jackson <ijackson@chiark.greenend.org.uk>
Cc: Sean Whitton <spwhitton@spwhitton.name>, Helmut Grohne <helmut@subdivi.de>, Ansgar 🙀 <ansgar@43-1.org>, debian-vote@lists.debian.org
Subject: Re: [RFC] General Resolution to deploy tag2upload
From: Joerg Jaspert <joerg@debian.org>
Date: Thu, 13 Jun 2024 17:02:48 +0200
Message-id: <[🔎] 87msnonaw7.fsf@ganneff.de>
In-reply-to: <[🔎] 26218.50052.107395.941498@chiark.greenend.org.uk>
References: <[🔎] 87wmmvrubl.fsf@melete.silentflame.com> <[🔎] 1d18bfee6b3b6beec5a9804d1e879339f0edee90.camel@43-1.org> <[🔎] 20240612090822.GA3640953@subdivi.de> <[🔎] 26217.39029.509566.207415@chiark.greenend.org.uk> <[🔎] 871q51onxs.fsf@ganneff.de> <[🔎] 878qz9q1mm.fsf@melete.silentflame.com> <[🔎] 87plsln7as.fsf@ganneff.de> <[🔎] 874j9xmdd4.fsf@melete.silentflame.com> <[🔎] 26218.50052.107395.941498@chiark.greenend.org.uk>

On 17259 March 1977, Ian Jackson wrote:

Thanks.  Then possibly it is sufficient for ftpmaster just to disable
tag2upload's whole key until the keyring update is pushed.

I'm not sure this is a sufficient answer.  We don't want uploads by
revoked keys to appear on *.dgit.d.o either.

Joerg, is there some way that this fingerprint block information could
be made available in a more timely manner?  Ideally we would update
push.dgit.d.o to use this information, regardless of tag2upload.
(And the t2u conversion system should use it too.)

I think maybe we should take this to a different venue, than this
thread on -vote.  How about a bug against ftp.d.o and/or
dgit-infrastructure ?


I think this is a minor issue, actually. It does not happen often. For
the time it will, we can have something like "ftpmaster pushes a list of
fingerprints via $mechanism" (ssh forced command is widely used for
similar things, for example).

That's really simple to implement.

--
bye, Joerg

Reply to:

Follow-Ups:
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Scott Kitterman <debian@kitterman.com>

References:
- [RFC] General Resolution to deploy tag2upload
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Ansgar 🙀 <ansgar@43-1.org>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Helmut Grohne <helmut@subdivi.de>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Joerg Jaspert <joerg@debian.org>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Joerg Jaspert <joerg@debian.org>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Sean Whitton <spwhitton@spwhitton.name>
- Re: [RFC] General Resolution to deploy tag2upload
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

Prev by Date: Re: Security review of tag2upload
Next by Date: Re: [RFC] General Resolution to deploy tag2upload
Previous by thread: Re: [RFC] General Resolution to deploy tag2upload
Next by thread: Re: [RFC] General Resolution to deploy tag2upload
Index(es):
- Date
- Thread