Hi, * Ian Jackson <[email protected]> [2025-12-25 16:12]:
I think it would make more sense to add a callback mechanism to DAK, e.g. have a "Upload-Receipt: https://uri"; field in .changes which can be processed where the Accepted/Rejected emails get generated.... one possible MR is one to expose that in the HTTPS API, I think.
That way, DAK needs not to track additional state about the queue and dgit does not need to poll for changes in upload states. For additional security, DAK can implement a whitelist for acceptable callback hosts. The payload could be a JSON object, a DEB822 paragraph or whatever is convenient. Presumably, this payload could also be signed by the Archive Upload Processing key to prevent tampering with dgit state.
Cheers Timo -- ⢀⣴⠾⠻⢶⣦⠀ ╭────────────────────────────────────────────────────╮ ⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │ ⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │ ⠈⠳⣄⠀⠀⠀⠀ ╰────────────────────────────────────────────────────╯
signature.asc
Description: PGP signature
