Package: dgit-infrastructure
Version: 11.10

In a thread on d-vote Joerg Jaspert reports that ftpmaster sometimes
block a particular PGP fingerprint in a hurry.

Currently, the dgit-repos server, and the proposed t2u server, do not
have this information.  They should have it and honour it.

Joerg writes:
> we can have something like "ftpmaster pushes a list of fingerprints
> via $mechanism" (ssh forced command is widely used for similar
> things, for example).

This seems like an appropriately lightweight answer.

I suggest the following details:

 * Make the dgit-repos-server program, which interprets the keyrings
   and dm permissions list, take an additional input file, which is
   the list of blocked fingerprints.

 * Update ftpmaster's processes to add a script which rsyncs the
   blocked fingerprint list.  Currently, to a suitable location on
   push.dgit.debian.org.  And, after t2u is deployed, to the t2u
   server too.  Using an rsync restricted command, as proposed.

 * Arrange to regularly test that this push of a new file can be done,
   in case the rsync restricted command rots.

Joerg, does that sound good to you?  Should the file be anything more
than a list of fingerprints without whitespace in hex?

Ian.

-- 
Ian Jackson <ijack...@chiark.greenend.org.uk>   These opinions are my own.  

Pronouns: they/he.  If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.
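
The following is an added example, not part of the original message and not dgit code: a sketch of how a server could load the pushed block list and consult it. The file format (one bare hex fingerprint per line, 40 or 64 digits, newline-terminated), the function names, and the choice to check the primary key as well as the signing key are all assumptions.

```python
import re

# Assumed format: one fingerprint per line, hex only, no whitespace.
# 40 hex digits is an OpenPGP v4 fingerprint; 64 covers the longer v5/v6 form.
_FPR = re.compile(r"[0-9A-F]{40}|[0-9A-F]{64}")

class BlocklistError(Exception):
    """The pushed file is not a well-formed fingerprint list."""

def parse_blocklist(text):
    """Return the set of blocked fingerprints, upper-cased.

    One bad line rejects the whole file, so a truncated or corrupted
    push cannot quietly drop entries from the list.
    """
    if text and not text.endswith("\n"):
        raise BlocklistError("no final newline (truncated transfer?)")
    blocked = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        fpr = line.upper()
        if not _FPR.fullmatch(fpr):
            raise BlocklistError(f"line {lineno}: not a bare hex fingerprint")
        blocked.add(fpr)
    return blocked

def update_blocklist(previous, pushed_text):
    """Fail closed: keep the previous set if the new file does not parse."""
    try:
        return parse_blocklist(pushed_text), None
    except BlocklistError as err:
        return previous, str(err)

def is_blocked(blocked, *fingerprints):
    """True if any fingerprint tied to the signature is listed.

    Pass both the signing (sub)key and its primary key, so a block on the
    primary key also catches signatures made with one of its subkeys.
    """
    return any(f.upper() in blocked for f in fingerprints)

# Constructed sample values, not real keys.
FPR_A = "0123456789abcdef" * 2 + "01234567"
FPR_B = "89ABCDEF" + "0123456789ABCDEF" * 2
SAMPLE = FPR_A + "\n" + FPR_B + "\n"
```

The rejected-file message from `update_blocklist` is the thing to alert on, since it means the most recent push did not take effect.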
