The proposal to merge lp:~lifeless/launchpad/private-librarian into 
lp:launchpad has been updated.

Description changed to:

I'm proposing this to get feedback on the approach - I put it together on the 
plane so it has had zero discussion so far.

The basic idea is to have an https librarian that uses an access token for a 
time limited period, rather than proxying on the appservers which is terrible 
in several ways that aren't all that relevant except to say it's hard to improve 
and incompatible with our performance goals.

So in this model, we hand out a token when someone (including wget) accesses a 
private attachment on launchpad, and issue a temporary redirect (over ssl) to 
https://launchpadlibrarian.net/...file?token=xxxxx

The token goes in the session DB, the garbo cleans that up, and we all are 
happy happy happy.

Oh, and the librarian rejects requests without a token for private files.

We can't use OAuth because then the OAuth token would be attackable by content 
in the private librarian.

RT 41202 contains the request for wildcard DNS keys.
-- 
https://code.launchpad.net/~lifeless/launchpad/private-librarian/+merge/31020
Your team Launchpad code reviewers is requested to review the proposed merge of 
lp:~lifeless/launchpad/private-librarian into lp:launchpad.

_______________________________________________
Mailing list: https://launchpad.net/~launchpad-reviewers
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~launchpad-reviewers
More help   : https://help.launchpad.net/ListHelp
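
The token flow described in the proposal, sketched as an added example (not code from the branch or from Launchpad). Assumptions: an in-memory SQLite table stands in for the session DB, the 600-second lifetime and 307 status are illustrative, tokens are stored as SHA-256 digests, and each token is bound to one file path.

```python
import hashlib
import secrets
import sqlite3
import time
from urllib.parse import parse_qs, urlencode, urlsplit

TOKEN_TTL = 600  # seconds; assumed, the proposal only says "time limited"
LIBRARIAN = "https://launchpadlibrarian.net"  # host named in the proposal

def open_store():
    """In-memory SQLite stands in for the session DB (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE token (digest TEXT PRIMARY KEY, path TEXT, expires REAL)")
    return db

def _digest(token):
    # Store only a hash so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_redirect(db, path, now=None):
    """Appserver side: call only after the user passed the access check for path."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO token VALUES (?, ?, ?)",
               (_digest(token), path, now + TOKEN_TTL))
    # 307 is one temporary-redirect status; the proposal does not name one.
    return 307, f"{LIBRARIAN}{path}?{urlencode({'token': token})}"

def librarian_status(db, url, private=True, now=None):
    """Librarian side: HTTP status for a GET of url."""
    now = time.time() if now is None else now
    if not private:
        return 200
    parts = urlsplit(url)
    if parts.scheme != "https":
        return 403
    token = parse_qs(parts.query).get("token", [""])[0]
    row = db.execute("SELECT path, expires FROM token WHERE digest = ?",
                     (_digest(token),)).fetchone()
    # Reject unknown tokens, tokens issued for another file, and expired ones.
    if row is None or row[0] != parts.path or row[1] <= now:
        return 403
    return 200

def garbo(db, now=None):
    """Garbage collector: delete expired tokens, return how many were removed."""
    now = time.time() if now is None else now
    return db.execute("DELETE FROM token WHERE expires <= ?", (now,)).rowcount
```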
