William Grant wrote: > Rather than something strange like this, why not allow the SPN to be > created at recipe-registration time? That seems substantially cleaner, > and it's not as if the SPN namespace is exactly clean even now.
It won't work because it needs to traverse through a DistributionSourcePackage object. Just creating the SPN is not nearly enough. >> Presumably we'll need a buildd-slave SSH key that can access everything? > > That's impossible, unless you start doing stuff outside the VM. That That was the idea. > sounds like a recipe for trouble. In a later email, you suggested > chroots. chroots do not help. They are simple to break out of. Yes, but we cannot arrive at a sensible solution without considering all the alternatives. > The only solution that I see as feasible is doing something rather like > P3As: HTTPS with per-branch credentials. I initially considered that > buildd-manager should grant and revoke these credentials on a per-job > basis, but I guess a branch's buildd key doesn't ever actually need to > change. Yes I was trying to think of something comparable to the way we do P3As. We could also have a private branch server inside the DC that has no restrictions. I don't really know enough about how that stuff works so I'm really happy to have someone that does just come up with a solution ;) > Where will they be signed? It cannot be anywhere on the slaves. Can you expand on this? I'm sure there's a good reason but it's late and my brain hurts. > Remember > that we already have lots of unsigned sources in LP (mostly syncs), and > that hasn't been much of a problem. Indeed, but if we can easily come up with a solution to sign these then we should do it! _______________________________________________ Mailing list: https://launchpad.net/~launchpad-dev Post to : [email protected] Unsubscribe : https://launchpad.net/~launchpad-dev More help : https://help.launchpad.net/ListHelp
