I am about to upload a version of dgit which uses its own git repo store rather than alioth, and which would in principle support push access for DMs.
However, DMs currently do not have access to it because the backend service is accessed via ssh.[1] To solve this problem it is necessary to have a list of DMs' ssh keys, and make them authorised the same way DDs' keys are[2] for the dgit service user on gideon.debian.org. I think it is not really acceptable to have a service like this that cannot be used by DMs. If we don't have a list of DMs' ssh keys, or it is too hard to automatically extract such a list, then I can set up some kind of robot, to which a DM can send their pgp-signed ssh key, to have it installed. What do I need to do next to make this happen ? Thanks, Ian. [1] The protection offered by ssh's encryption and authentication is not the primary barrier to unauthorised updates, but it does prevent outsiders from being able to consume resources on the server and it will also prevent them from being able to attack the dgit push receiver service. [2] Note that although this grants identical access to the service, the service itself honours the restrictions in ftpmaster's dm.txt, so that DMs can only push to `their' packages. -- To UNSUBSCRIBE, email to debian-newmaint-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/21912.30550.226844.122...@chiark.greenend.org.uk