Hi Emilio, On Fri, May 05, 2023 at 02:15:15PM +0200, Emilio Pozuelo Monfort wrote: > Control: forwarded -1 > https://salsa.debian.org/ftp-team/dak/-/merge_requests/270 > > Hi, > > On Wed, 09 Mar 2016 19:36:02 +0100 Moritz Muehlenhoff <j...@debian.org> wrote: > > Package: ftp.debian.org > > Severity: wishlist > > > > This was discussed at one of the past security team meetings, but > > there was never a bug for that: > > > > (This is a first high level view, the exact requirements can be hashed > > out later.) > > > > Right now to release a security update one needs shell access on > > security-master. It would be great to allow the release of a security > > update via a PGP-signed control message (similar to how changes files > > need to be signed to allow uploads). > > > > The next step would then be an ACL mechanism where trusted DDs can be > > granted the possibility to release DSAs on their own (after the > > security team having acked the debdiff). (This also needs some tweaks > > for the debian-security-announce moderation script, but that's > > unrelated to this task. > > There's now a MR at [1] that should address the ACL for dak. Feel free to > comment if you have any feedback.
It looks ftp-master have implemented now part on dak side for it according to your MR, but how would that would be used? How wold a package in the embargoed policy queues be released accordingly with a signed commands file? What setup steps are needed on our end? Regards, Salvatore
