On Thu, 2020-12-17 at 00:47 +0100, John Paul Adrian Glaubitz wrote: > On 12/17/20 12:36 AM, Paul Wise wrote: > > * snapshot could gain a re-signing service (#763419) > > That would be absolutely awesome. Whom do I throw my money at?
It doesn't seem too complicated to implement and could be developed independent from snapshot.d.o: If any Release.gpg/InRelease file is requested: - Retrieve the original Release+Release.gpg/InRelease files. - If there is a valid signature from any previous archive key: - Generate new signature (Release.gpg/InRelease) and store it in some cache. (Bonus points if this keeps the original signature if possible.) - Return the generated Release.gpg/InRelease. - Otherwise: - Return some HTTP error? Or the unmodified Release.gpg/InRelease? Any other files: - Redirect to normal snapshot.d.o Only some storage for recently-requested Release.gpg/InRelease files would be needed. The service could run independent from snapshot.d.o and redirect most requests there. Maybe the same could be done for archive.d.o? I might be interested to experiment with this as it seems reasonably small project to implement. :-) Ansgar