On Thu, Aug 28, 2014 at 11:16:10AM +0100, Evan Dandrea wrote: > Are we making sure that submission does not require a token? I would > think that just updating metadata or cancelling tickets requires auth, > no? > > I ask because this would be a divergence from dput, where all you need > is a signed package to make a successful submission (bogus submissions > can be dumped asynchronously server-side). I'm assuming we can prevent > spoofing by checking that the provided signature is from the key for > the user specified in LP.
As we discussed in today's standup. We'll not do authentication for the CLI at this time and depend on signature key for ticket creation authentication. > > Does implementing the frontend submission service make any of this easier? > > https://app.asana.com/0/14737058697498/ I don't see it making things easier right now with regard to authentication and ticket creation. Joe -- Mailing list: https://launchpad.net/~canonical-ci-engineering Post to : [email protected] Unsubscribe : https://launchpad.net/~canonical-ci-engineering More help : https://help.launchpad.net/ListHelp
