On Sun, Jun 10, 2012 at 7:57 PM, Ansgar Burchardt wrote: > The ftp team wants to change how allowing Debian Maintainers to upload > packages works.
Excellent, I have wanted this change for a while. > The current approach with the DM-Upload-Allowed field > has a few issues we would like to address: In addition, it is easy for DDs to miss the addition of DMUA in initial uploads and later ones. For example one of the ftp sponsored adding DMUA to a package while the sponsored-maintainer wasn't and still isn't a DM. > We plan to instead implement an interface where developers upload a > signed command file to ftp-master to grant upload permissions instead, > similar to dcut. This could end up looking similar to this: How about adding a timestamp to avoid replay attacks? > Here "Allow" would add additional packages to the list of packages the > Debian Maintainer (identified by his key fingerprint) may upload. > "Deny" would be used to revoke this permission again[1]. Any DD may use > this to grant/revoke upload permissions to existing packages (ie. at > least in NEW); referring to non-existing packages will be an error (at > least for Allow). Should that not be restricted to DDs who can upload? Since we have non-uploading DDs, since those aren't trusted to upload, should they be trusted to give upload permissions to others? > Please note that we currently do not know when we might get around to > implement these changes. I had intended to try and look at this during DebCamp. -- bye, pabs http://wiki.debian.org/PaulWise -- To UNSUBSCRIBE, email to debian-project-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/CAKTje6FNz3NLofVXKP=OTh2d1_d=lbavvt0pi8ie95388b0...@mail.gmail.com