Package: ftp.debian.org
Severity: wishlist

This was discussed at one of the past security team meetings, but
there was never a bug for that:

(This is a first high-level view, the exact requirements can be hashed
out later.)

Right now to release a security update one needs shell access on
security-master. It would be great to allow the release of a security
update via a PGP-signed control message (similar to how changes files
need to be signed to allow uploads).

The next step would then be an ACL mechanism where trusted DDs can be
granted the possibility to release DSAs on their own (after the
security team has acked the debdiff). (This also needs some tweaks
for the debian-security-announce moderation script, but that's
unrelated to this task.)

Cheers,
Moritz