On Sun, Jul 05, 2015 at 09:43:30PM +0200, Peter Palfrader wrote: > On Sun, 05 Jul 2015, Ian Jackson wrote: > > > However, DMs currently do not have access to it because the backend > > service is accessed via ssh.[1] > > > > To solve this problem it is necessary to have a list of DMs' ssh > > keys, and make them authorised the same way DDs' keys are[2] for the > > dgit service user on gideon.debian.org. > > DSA isn't opposed to adding NMs to LDAP. If NM/keyring-maint is ok with > that and files appropriate ticket and/or reassigns them accordingly, > maybe that's an easy route?
There's no issue with keyring-maint changing to re-assign DM key
addition tickets to DSA once the key is added. My assumption would be
that DSA would then be responsible for closing the appropriate bug in
the BTS once the LDAP side was done (keyring-maint currently do this as
we're the end of the DM addition process).
There was previous discussion about generally improving the DM workflow
and getting it integrated into nm.debian.org so it's not handled via the
BTS and instead follows a more similar process to DDs (which could thus
include checks about the username being free or whatever else is
required). I'm sure Enrico would appreciate help from anyone who had
cycles to spare in getting that implemented.
J.
--
Just because I'm paranoid | .''`. Debian GNU/Linux Developer
doesn't mean they're *not* out | : :' : Happy to accept PGP signed
to get me. | `. `' or encrypted mail - RSA
| `- key on the keyservers.
signature.asc
Description: Digital signature
