On Tue Oct 06 20:48:41 +0100 2009 Julian Edwards wrote: > * A PPA picker on the source package branch page with a "Build" button > (and we might want to extend this to a distro upload at some point)
One thing that I forgot first time, in my opinion we will want distro upload at some point, but we will want to experiment with PPAs first. Once we have worked out the kinks we can activate it for the distribution. However, the discussion of switching to sftp upload reminded me of an unanswered question we have about this. Changing to a webapp operation or API call to put something in the distribution moves us away from GPG signed instructions to one based ultimately on cookies in the browser and webapp passwords. While LP is better than many sites in this area it certainly makes me feel uncomfortable. Should we perhaps be looking at a different trigger mechanism, at least for the distribution, such as an alternative .changes file format that specifies the needed parts. This is perhaps being overly paranoid, given that all that stops you from adding a new GPG to my account and uploading with that right now is the cookie/password protection. Also, removing packages from the distribution, and when/if copying packages to the distribution from other archives is possible, they would have the same protection. Even so, I would like to have a discussion with the usual suspects about this (elmo, cjwatson, kees, etc.), perhaps at UDS? Thanks, James _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
