On 9 June 2011 15:30, Martin Pitt <[email protected]> wrote: > Hello Martin, > > Martin Pool [2011-06-09 14:15 +1000]: >> * having the tb add this to the list of permitted uploaders for >> /ubuntu (but not into ~core-dev) > > What does "/ubuntu" mean here? I. e. where should we add this bot?
Hi Martin, I meant <https://launchpad.net/ubuntu/> and specifically the 'Uploaders' section of that page. I am told there is an api client script which can add people into it, when run by a member of ~tech-board. If the tech board agrees with the proposal but doesn't know about that script I will find or write one. > Also, what's the role of https://launchpad.net/~ubuntu-branches here? > I thought that was the team that owns all the auto-imports? It was, but it will be going away within the next few days. There was a tech-board thread about 10 days ago where Francis discusses removing them: it helps adding support for Ensemble formulas; it's crufty inside Launchpad; and because Launchpad is trying to get away from having hardcoded permissions and celebrities. <https://lists.ubuntu.com/archives/technical-board/2011-May/000907.html> >> Some reasonable concerns have been raised that this does not get as >> much to a least-privilege setup as one could desire. In particular: >> the new account will be able to upload packages as well as write to >> branches: Launchpad does not have separate ACLs for those actions at >> present. > > It should be easy to ascertain that the bot doesn't actually do any > dput or ftp'ing, so I'm not too concerned about this as long as it > runs in a trusted environment in the DC. > > At some point we plan to do package builds from branches, so it seems > to me that this separation will become smaller or nonexistent in the > future. Right. > Once that works, how can we ensure that the bot doesn't > "accidentally" create a branch which will cause a package build? That's an interesting question. Normally it should only be creating revisions for already-published packages. As an implementation detail we could want some kind of safeguards to make sure it doesn't get into a feedback loop of causing existing packages to be rebuild in either the same archive or a different one. One approach would be to specifically blacklist revisions that come from this robot (for which giving it its own identity can of course only help). There might be others. Or, it may be that just the check that the package version has not already been published and is targeted to the right pocket is enough. >> On both of these I think it's worth acknowledging that more should be >> done in the future, but also that making the importer use its own >> account and identity will be a step forward for security and not a >> step back. > > I agree. James already has way more privileges, so it's not a > regression. Thanks. Martin -- technical-board mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/technical-board
