[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#840104: Encrypted uploads to the security archive

On 31.01.2018 01:11, Ansgar Burchardt wrote:
> I'm not sure if buildds are already configured to upload to the security
> archive via ssh as they do for the main archive.  It might be a good
> idea to do so.

What's the requirement here? I think traditionally we use machine-local
SSH authorized_keys for role accounts. So we already provision keys to
every buildd that allows it to talk to wanna-build, but I'm not sure how
we'd maintain that with another host. Especially one that presumably can
be repointed?

Maybe this is more of a question for DSA, but I don't know what the
current setup entails and if you wrote your own SSH daemon for uploads.
In that case we should be able to figure something out.

Alternatively I suppose DSA could also provide something through
stunnel, but then I think we'd be back to encrypted FTP.

Kind regards and thanks
Philipp Kern

Reply to: