Re: autopkgtest for security archive
On Wed, Mar 27, 2019 at 10:04:47 +0100, Philipp Kern wrote:
> Hi,
>
> On 3/26/2019 10:23 PM, Paul Gevers wrote:
> > Kind ping for the question below.
>
> I am not sure what you are asking. Yes, buildds for security have access
> to the embargoed queue and obviously that access cannot reasonably be
> shared. Technically I think it's in the purview of ftp-master to approve
> new credentials (in this case together with Security team) and for DSA
> to provision them. As far as I remember we rely on IP whitelisting today
> - at least 99builddsourceslist does not contain logic for passwords
> (anymore) and I'm pretty sure DSA autogenerates that list into
> ftp-master's apache config. Unfortunately I could not find that
> configuration in DSA's Puppet tree (nor on coccia, but this is about
> security-master) from a quick glance. I know I have seen it in the past,
> but I don't recall where. In any case those two teams are the ones to ask.
>
The apache config uses the macro defined in
https://salsa.debian.org/dsa-team/mirror/dsa-puppet/blob/master/modules/roles/templates/dakmaster/conf-builddlist.erb
Cheers,
Julien
Reply to: