Re: Bug#840104: Encrypted uploads to the security archive
On 31.01.2018 01:11, Ansgar Burchardt wrote:
> I'm not sure if buildds are already configured to upload to the security
> archive via ssh as they do for the main archive. It might be a good
> idea to do so.
What's the requirement here? I think traditionally we use machine-local
SSH authorized_keys for role accounts. So we already provision keys to
every buildd that allows it to talk to wanna-build, but I'm not sure how
we'd maintain that with another host. Especially one that presumably can
Maybe this is more of a question for DSA, but I don't know what the
current setup entails and if you wrote your own SSH daemon for uploads.
In that case we should be able to figure something out.
Alternatively I suppose DSA could also provide something through
stunnel, but then I think we'd be back to encrypted FTP.
Kind regards and thanks