Re: Bug#840104: Encrypted uploads to the security archive

To: Ansgar Burchardt <ansgar@debian.org>, Kurt Roeckx <kurt@roeckx.be>
Cc: 840104@bugs.debian.org, debian-wb-team@lists.debian.org
Subject: Re: Bug#840104: Encrypted uploads to the security archive
From: Philipp Kern <pkern@debian.org>
Date: Wed, 31 Jan 2018 01:22:20 +0100
Message-id: <[🔎] 04b64307-7eb6-1293-e6b2-bccc535d957f@philkern.de>
In-reply-to: <[🔎] 878tce28gi.fsf@43-1.org>
References: <20161008100601.e3wra2odjkmkky5a@roeckx.be> <[🔎] 878tce28gi.fsf@43-1.org>

On 31.01.2018 01:11, Ansgar Burchardt wrote:
> I'm not sure if buildds are already configured to upload to the security
> archive via ssh as they do for the main archive.  It might be a good
> idea to do so.

What's the requirement here? I think traditionally we use machine-local
SSH authorized_keys for role accounts. So we already provision keys to
every buildd that allows it to talk to wanna-build, but I'm not sure how
we'd maintain that with another host. Especially one that presumably can
be repointed?

Maybe this is more of a question for DSA, but I don't know what the
current setup entails and if you wrote your own SSH daemon for uploads.
In that case we should be able to figure something out.

Alternatively I suppose DSA could also provide something through
stunnel, but then I think we'd be back to encrypted FTP.

Kind regards and thanks
Philipp Kern

Reply to:

References:
- Re: Bug#840104: Encrypted uploads to the security archive
  - From: Ansgar Burchardt <ansgar@debian.org>

Prev by Date: Re: Bug#840104: Encrypted uploads to the security archive
Next by Date: Re: wanna-build access to schedule binNMUs for Go packages
Previous by thread: Re: Bug#840104: Encrypted uploads to the security archive
Index(es):
- Date
- Thread