Re: Bug#840104: Encrypted uploads to the security archive

To: Philipp Kern <pkern@debian.org>
Cc: Ansgar Burchardt <ansgar@debian.org>, debian-wb-team@lists.debian.org, 840104@bugs.debian.org
Subject: Re: Bug#840104: Encrypted uploads to the security archive
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Wed, 14 Feb 2018 14:57:21 +0100
Message-id: <[🔎] 20180214135721.GA1007@aurel32.net>
Mail-followup-to: Philipp Kern <pkern@debian.org>, Ansgar Burchardt <ansgar@debian.org>, debian-wb-team@lists.debian.org, 840104@bugs.debian.org
In-reply-to: <[🔎] f0a43b2f-a75a-00fc-0fcf-5686cb04b2bc@philkern.de>
References: <20161008100601.e3wra2odjkmkky5a@roeckx.be> <878tce28gi.fsf@43-1.org> <04b64307-7eb6-1293-e6b2-bccc535d957f@philkern.de> <[🔎] 87d11pdpl2.fsf@43-1.org> <[🔎] f0a43b2f-a75a-00fc-0fcf-5686cb04b2bc@philkern.de>

On 2018-02-01 20:45, Philipp Kern wrote:
> On 01.02.2018 10:30, Ansgar Burchardt wrote:
> > Hmm, another issue comes to mind:
> > 
> > If we care about encrypted buildd uploads, the buildds should probably
> > also download from the (private) security-buildd archive over an
> > encrypted connection, ideally with client authentication.  Otherwise
> > people could see the embargoed fixes in the source package.
> 
> Well, I thought this was already the case at this point. I suppose it
> shouldn't be too hard to add https:// support at this point given that
> apt supports it natively. But I think client auth should be a weak
> requirement at this point.

Since a few hours ago the build daemons access the security archive in
https. This might not be the perfect solution, but it's already an
improvement compared to plain http:// and it was (relatively) easy to
do. It doesn't prevent looking for a better solution though.

Aurelien

-- 
Aurelien Jarno                          GPG: 4096R/1DDD8C9B
aurelien@aurel32.net                 http://www.aurel32.net

Reply to:

References:
- Re: Bug#840104: Encrypted uploads to the security archive
  - From: Ansgar Burchardt <ansgar@debian.org>
- Re: Bug#840104: Encrypted uploads to the security archive
  - From: Philipp Kern <pkern@debian.org>

Prev by Date: Re: request: check installability of Depends before building
Next by Date: Re: Bug#840104: Encrypted uploads to the security archive
Previous by thread: Re: Bug#840104: Encrypted uploads to the security archive
Next by thread: Request to give back srm-ifce and lcgdm
Index(es):
- Date
- Thread