dm upload permissions
Hello, For your information, here are a few reports about DM upload permissions : http://qa.debian.org/~bartm/dm-permissions/ The reports are made using these information sources : - the old DMUA=yes flags in the debian/control files - the new DM upload permissions in http://ftp-master.debian.org/dm.txt - the DM keyring - carnivore database (e-mail addresses, key fingerprints, maintainer names) - fields Maintainer and Uploaders in Sources files The report dd-dm-package.txt is http://ftp-master.debian.org/dm.txt reformatted by granting DD. No old DMUA=yes permissions here. The report dm-dd-package.txt gives an overview of all current DM upload permissions, either via the old DMUA=yes flag or via the new DM upload permissions. According to the announcement http://lists.debian.org/debian-devel-announce/2012/09/msg8.html the remaining permissions only via DMUA=yes will be revoked on 24th of November 2012. The report dm-without-packages.txt lists DMs in the DM keyring that are currently not maintaining any package with DM upload permissions. The report dmua-without-dm.txt lists over 1200 source packages having the old DMUA=yes flag but without a DM in Maintainer or Uploaders. Regards, Bart Martens -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120928085341.gb8...@master.debian.org
Re: dm upload permissions
Hi, On 28.09.2012 10:53, Bart Martens wrote: For your information, here are a few reports about DM upload permissions : http://qa.debian.org/~bartm/dm-permissions/ just for the records, before people start writing more tools: I've written one myself and asked for inclusion of it in devscripts: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688830 -- with kind regards, Arno Töll IRC: daemonkeeper on Freenode/OFTC GnuPG Key-ID: 0x9D80F36D signature.asc Description: OpenPGP digital signature
Re: DM upload permissions in detail
Am -10.01.-28163 20:59, schrieb Philipp Kern: On 2011-04-26, Torsten Werner twer...@debian.org wrote: the first UID with an email address is used by dak. The first being the one with the newest self-sig? No, just the 'first' one. Torsten -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4db7d3b3.4000...@debian.org
Re: DM upload permissions in detail
Am -10.01.-28163 20:59, schrieb Arno Töll: I am no DM (yet), I just wanted to make things clear in advance as I want to approach DD signings soon. You could create a new key for your Debian work but you would lose existing signatures. Torsten -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4db7d46d.8010...@debian.org
Re: DM upload permissions in detail
On Tue, 26 Apr 2011 at 22:34:23 +0200, Arno Töll wrote: Thanks for your answer. Good to hear there is at least the possibility to come around this issue. Now I am curious what such a good reason would be. Let's say would I don't want to be spammed on my primary UID, hence I use for Debian correspondence another e-mail address within the same key pair a valid reason? Since the code snippet you quoted will accept a match for either the real name part or the email part, you could just add a secondary UID with the same (spelling of your) name but a Debian-specific email address. That's what I did before I became a DD, for much the same reason. In other words, this would be fine: John Doe j...@example.com John Doe john-deb...@example.com but this wouldn't work: John Doe j...@example.com Jonathan Frederick Doe john-deb...@example.com Regards, S -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110427090953.ga27...@reptile.pseudorandom.co.uk
Re: DM upload permissions in detail
Ben Finney schrieb: the first UID with an email address is used by dak. It can be changed manually if there is a good reason for such a change. Please file a bug report against ftp.debian.org if you need such a change. Why is an additional reason needed? Why isn't it sufficient that the person wants to sign with that UID? Because such a change needs manual intervention, I presume. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/ldd.1104271219.1...@thorondor.akallabeth.de
Re: DM upload permissions in detail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Simon, On 27.04.2011 11:09, Simon McVittie wrote: Since the code snippet you quoted will accept a match for either the real name part or the email part, you could just add a secondary UID with the same (spelling of your) name but a Debian-specific email address. That's what I did before I became a DD, for much the same reason. thanks a lot for this hint, this may work. Let's just hope no name clashes appear now or in future, since this would require the code snippet to be changed. - -- with kind regards, Arno Töll GnuPG Key-ID: 0x8408D4C4 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNt/wrAAoJELBdpXvEXpo9a4kQAJ+Oy6ernjEVaJJCNn3Msi4o TnL33q6nBqXNy8/ip+QdKhG+vXWArCNyA8XO4RLvE5TlnpokxvhJZNbePvXLeTaL gZ2r7lZBRnOcijS0GTz3/jYSCqjH98JMfJ8xZLl/+XMAgKW7vb+lIbd5T6nruBes VXlF5Rl+IIGBFGrFxXHZI+MZMLVZj0AzeMjpJuP2V/cPsG2HlroFbkl1mQmGSQ4q r6nNlTDZgJxgCnukuwu5cAd7174AljwO07jDsbsNnICmGlj5GPAZBMRYEZRZUSHd jKR7SqM8OcW45EUtshizoXEtE48bJpIB3sDUxN+HArW7DT6KN/n2uB48wHTz59lC MJBg3jMBxMGJnxV+2b1U/sdvAV0Vb8NeHXYGT73UE4o831/dMbnNX7gtaMe/9KXL USEQEMTueihiTCy1fgA2o2LTPaqE7gCVRROaApGDm1hshnygpnFGZs9QwZQ831ZG F/2HWK3zwGXdE2hqXJhIcXsT77U5Be8kUd04/NDGbgYaoMGvBJlQv0sMlQDywBXF dtiLI1gl9paWtqkUDX00nIX+4v/mxAg/CHUpZRjobHkOeq33d3HOX8QCwphmdOpy Q3wyt28829jw+L7fAw+HGO/EwONICpWZH6QfAZCQwGNXeeIAJKg0K+oMbTq8Dr0c a0O/1xj3U05aCFI/zZfS =cLK+ -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4db7fc2b.6030...@toell.net
Re: DM upload permissions in detail
On Wed, 2011-04-27 at 13:21 +0200, Arno Töll wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Simon, On 27.04.2011 11:09, Simon McVittie wrote: Since the code snippet you quoted will accept a match for either the real name part or the email part, you could just add a secondary UID with the same (spelling of your) name but a Debian-specific email address. That's what I did before I became a DD, for much the same reason. thanks a lot for this hint, this may work. Let's just hope no name clashes appear now or in future, since this would require the code snippet to be changed. I'm pretty sure there is a name clash already, though not among DMs. Ben. -- Ben Hutchings Once a job is fouled up, anything done to improve it makes it worse. signature.asc Description: This is a digitally signed message part
Re: DM upload permissions in detail
On Wed, Apr 27, 2011 at 10:28:35AM +0200, Torsten Werner wrote: Am -10.01.-28163 20:59, schrieb Philipp Kern: On 2011-04-26, Torsten Werner twer...@debian.org wrote: the first UID with an email address is used by dak. The first being the one with the newest self-sig? No, just the 'first' one. This isn't very clear. The OpenPGP standard doesn't specify a fixed ordering for user IDs, so the order in which the user IDs for a given key are written is undefined. If they're written from a hash/map whose ordering changes every time it's used (think perl's hashes), then the same program can produce different outputs every time. You probably therefore should not rely on the order in which the packets are emitted. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187 signature.asc Description: Digital signature
Re: DM upload permissions in detail
Am -10.01.-28163 20:59, schrieb brian m. carlson: This isn't very clear. The OpenPGP standard doesn't specify a fixed ordering for user IDs, so the order in which the user IDs for a given key are written is undefined. If they're written from a hash/map whose ordering changes every time it's used (think perl's hashes), then the same program can produce different outputs every time. I am pretty sure that gpg outputs them in the same order every time. But it does not matter because every key is imported only once into dak's database. Torsten -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4db85975.7040...@debian.org
DM upload permissions in detail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi there, I've been asking this question on debian-mentors before, but people involved into this process might be better addressed through d-d, so I hope you don't mind as I got there no answer so far. I was wondering what the exact requirements for DM uploads to the Debian archive are. The Wiki tells [1]: Packages signed by a key in the debian-maintainers keyring will be accepted if the [..] the previous version of the package contains this maintainer's primary UID Now, what's exactly meant by primary UID? The primary GPG UID? If yes, am I right when I assume signing a package with a non-primary GPG UID or even more with a sub key won't work to fulfill DM upload rights? I took a look into the dak source: fpr = get_fingerprint(self.pkg.changes['fingerprint'], session=session) ... def check_dm_upload(self, fpr, session): ... rej = False ... # uploader includes the maintainer accept = False for uploader in r.uploaders: (rfc822, rfc2047, name, email) = uploader.get_split_maintainer() # Eww - I hope we never have two people with the same name in Debian if email == fpr.uid.uid or name == fpr.uid.name: accept = True break This seems to support my assumption as only a single, i.e. the first UID of the fingerprint is verified for DM upload permissions. Given that the following fictional key would not work: pub 1024D/ 2004-07-07 Key fingerprint = ... ... ... ... ... uid John Doe j...@example.com uid John Doe j...@example.net sub 1024g/... 2004-07-07 sub 4096R/... 2011-01-01 sub 4096R/... 2011-01-01 when the 4k sub key altogether with the example.net UID would be used to sign packages, right? That would be bad and a pure artificial constraint. On the other hand good to know now, before I actually tried to get DD signatures for that key ;) [1] http://wiki.debian.org/DebianMaintainer - -- with kind regards, Arno Töll GnuPG Key-ID: 0x8408D4C4 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNtop0AAoJELBdpXvEXpo90+oP/Rmu5jGGdymZN1RKbxt3hu55 Tet1+IZ5t+eora5+Q5dUaiBVc2qUAY9ZSGyV5+SDzPFYygbOzsjVKkiB5RknLHcD HA+e30J2MLSnqGFCx9uzmRtni75I6PnPqGIEcnzDwdGfCqwK2+srWnHF6604s7/s VfuGMzKVrz4nftrKMC9j4fd/urqgW+AtzeB1Zpp6c22vH8PIy67wZi1v0kTymNsE +VzgfLXb7jWBRBznOTyUsk6LZC0If695VVCmBLy4snElThEpuHdVF6vK1rFxzaSD iLtl1+VnVVYAsBLJk87FQ11KWtKIROIAf0lV51NyyeSdpa8mgQlaGinRIrRuAL9d +vZmwBQtzzhYvit57okowQnVs6isZjfnLywDmpkcF77ZMUpw+earlqvwhkLzUxLN kcAccDO4HrHNxHiVxV/jC4DEnhmRbwnr47CYFLhuuAWmmrRlCrOLKk5N81d4G8MN ChlfwPt4ho3yGsBef76/Pchm3G6qMEWXzGUAT8HNvdK4DMkJHJpSmr6Hp30RGgrE AM8Zt3fyAF2C259HKuhx4qkkGCCmz6f8EtQhHmWo42UZ+EtsqbgijemhbY9S+V4W Ax20bFLcRLI7phFgbCLwzamJ7COTqGMh+D6C0usv9dOZd2S4gheS6pf86L1CqxgJ mWpPrwl/mzlNEIXaxr6q =7UWP -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4db68a75.8040...@toell.net
Re: DM upload permissions in detail
Hi Arno, Am -10.01.-28163 20:59, schrieb Arno Töll: Now, what's exactly meant by primary UID? The primary GPG UID? If yes, am I right when I assume signing a package with a non-primary GPG UID or even more with a sub key won't work to fulfill DM upload rights? the first UID with an email address is used by dak. It can be changed manually if there is a good reason for such a change. Please file a bug report against ftp.debian.org if you need such a change. Cheers, Torsten -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4db6d17e.2070...@debian.org
Re: DM upload permissions in detail
On 2011-04-26, Torsten Werner twer...@debian.org wrote: Am -10.01.-28163 20:59, schrieb Arno Töll: Now, what's exactly meant by primary UID? The primary GPG UID? If yes, am I right when I assume signing a package with a non-primary GPG UID or even more with a sub key won't work to fulfill DM upload rights? the first UID with an email address is used by dak. It can be changed manually if there is a good reason for such a change. Please file a bug report against ftp.debian.org if you need such a change. The first being the one with the newest self-sig? Kind regards Philipp Kern -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/slrnirdo17.9ee.tr...@kelgar.0x539.de
Re: DM upload permissions in detail
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Torsten, On 26.04.2011 16:06, Torsten Werner wrote: the first UID with an email address is used by dak. It can be changed manually if there is a good reason for such a change. Please file a bug report against ftp.debian.org if you need such a change. Thanks for your answer. Good to hear there is at least the possibility to come around this issue. Now I am curious what such a good reason would be. Let's say would I don't want to be spammed on my primary UID, hence I use for Debian correspondence another e-mail address within the same key pair a valid reason? I am no DM (yet), I just wanted to make things clear in advance as I want to approach DD signings soon. - -- with kind regards, Arno Töll GnuPG Key-ID: 0x8408D4C4 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNtyxPAAoJELBdpXvEXpo9ulgQALU/0wZuMFNcq05tClOOST3m Q612qxSXHr/0gfPDOZ57I3MBHcax9b4qG+j4hTeWSboi5beswpMyIoVmH0UVh4V6 WpzKjxIIj9KTr3xd5su/AgniXcNm6xb0w3BvxwiD2F7BfsL4nYIwmjeVyWYqd29N KnAHcbmP4aaf1UjPS+yvOjm2s8eKp2vpgFRFvNBeXkwQkLDeHZMvV430JE8/oIuA M+3PVl93C5z7n2LtAB0i7XPZVKSBgYNAQTpCCwyJnrF/YNUOXIr3ih94/M0zzXY3 SnBhTrnxWAHPOqo+JbjEfs5g/LTH4TOBRugdFwAni0Sg/Zy4ozvECtj/b4og0geq ZgUE3HhoY+z2JuXiH0q2nr50VZ9c0qeCOzvYRYLzB720nbiOr9PItiCgB2ivte11 nJnvN9LaJdU+VdkPTMkt90SexKLJJ2f+2JdpjD+QjJHRmTzZFjSXDfrOWUq/Xc6J pX3aNrc8XHOY6zjPoStBKClUV47MSGiC0LoYvGrr+dZFgsjwRx0SgdMYNkNeJHeC neFRRdnZ4OnoNcA+W4h0+az2kH9m7nuL+NmNSDnIC9SclfV30dfWLbNGs1cgy1uu AhTdiY7FalOZob8UjYkHhx+nC9U1ai8azOZwOl58irktAUYl8IZa8eTWt+7l25St vWybQc+jzIUvmMNe4i2b =WlAM -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4db72c4f.3000...@toell.net
Re: DM upload permissions in detail
Torsten Werner twer...@debian.org writes: Hi Arno, Am -10.01.-28163 20:59, schrieb Arno Töll: Now, what's exactly meant by primary UID? The primary GPG UID? If yes, am I right when I assume signing a package with a non-primary GPG UID or even more with a sub key won't work to fulfill DM upload rights? the first UID with an email address is used by dak. It can be changed manually if there is a good reason for such a change. Please file a bug report against ftp.debian.org if you need such a change. Why is an additional reason needed? Why isn't it sufficient that the person wants to sign with that UID? Surely one of the main purposes of multiple UIDs on a key is to allow different UIDs for different purposes, and the issue of when and why a particular UID is used is solely the decision of the owner of the key. -- \ “I may disagree with what you say, but I will defend to the | `\death your right to mis-attribute this quote to Voltaire.” | _o__) —Avram Grumer, rec.arts.sf.written, 2000-05-30 | Ben Finney -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/87y62wmrwn@benfinney.id.au