Hi debian-admin team, Here are the excerpt of a mail exchange about autosigning for the security suites. On Wed, Jun 08, 2011 at 10:07:14PM +0200, Moritz Muehlenhoff wrote: > On Fri, Jun 03, 2011 at 07:52:43PM +0200, Thijs Kinkhorst wrote: > > On Fri, June 3, 2011 17:22, Aurelien Jarno wrote: > > >> We don't sign the build logs (anymore), the security suites are > > >> autosigned. > > >> I think we need the wb-admins to check this out, then. > > > > > autosigning is enabled only on debian.org machines, which is not the > > > case of the arm build daemons. They still need manual signing. > > > > Right. I'll see to it that the logs are signed then. > > > > I think it's most beneficial to the workflow if arm is not an exception to > > the other architectures. How feasible is it to make the arm buildd a > > debian.org machine? > > AFAICS also ia64 and hppa need to be converted to have full security > buildd autosigning. > Basically we've got the request from the security team that all architectures do autosigning for the security suites. The ftpmasters require, among other things, that the buildd host doing autosigning are maintained by DSA [1]. Both arm build daemons are not DSAed, and it seems to be the case (at least partially) for ia64 and hppa. What would be the required steps to make these machines maintained by DSA, and which information would you need first? Thanks, Aurelien [1] http://lists.debian.org/debian-wb-team/2011/03/msg00041.html -- Aurelien Jarno GPG: 1024D/F1BCDB73 aurelien@aurel32.net http://www.aurel32.net
Attachment:
signature.asc
Description: Digital signature