Bug#736859: dput: Please set the default transport to use ssh-upload
On Sun, 10 Feb 2019 18:35:09 +1100 Ben Finney wrote: [...] > > The Debian infrastructure support for SSH upload may not be good > enough to be the default transport for this tool. > > On 27-Nov-2018, Paride Legovini wrote: > > While ssh-upload is clearly better than FTP and I would like to see > > it as the default upload method too, it still has two important > > shortcomings: > > > > 1. Only Debian Developers can use it, as DM do not have an account; > > > > 2. It does not support the DELAYED queue. I have a question: which are the upload methods currently supported by ftp.upload.debian.org (or by ftp.eu.upload.debian.org)? Can https be used by DMs? Can this be made as the new default? It may look like a stupid question, but I honestly failed to find the answer by searching myself (on the web and/or in Debian documentation)... :-( -- http://www.inventati.org/frx/ There's not a second to spare! To the laboratory! . Francesco Poli . GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE pgpFPg6hQApgM.pgp Description: PGP signature
Bug#736859: dput: Please set the default transport to use ssh-upload
Control: clone 736859 -2 Control: retitle -2 dput-ng: Please set the default transport to use ssh-upload On Wed 2019-02-13 12:15:33 -0500, micah anderson wrote: > Daniel Kahn Gillmor writes: >> So perhaps this bug report can be closed, since ssh.upload.debian.org >> does appear to be the default target for dupload today? i don't know >> when that changed. > > That may be true about dupload, but dupload is a different package, and > this was about dput. Sorry for the distraction about dupload! You're clearly right that dput is a separate package, i don't know what i was thinking. I note that dput-ng also appears to default to FTP-based upload, since /etc/dput.d/profiles/ftp-master.json has: "default_host_main": "ftp-master" (so i'm cloning this bug over there to recommend that dput-ng also default to ssh.upload.d.o) but the fact that dupload defaults to ssh.upload is promising, and suggests that it's not the end of the world for a comparable tool to use a sensible default. Could the dput or dput-ng maintainers weigh in on what is needed to make this change? --dkg signature.asc Description: PGP signature
Bug#736859: dput: Please set the default transport to use ssh-upload
Daniel Kahn Gillmor writes: > On Mon 2019-02-11 10:25:48 -0500, Daniel Kahn Gillmor wrote: >> The default dupload target for debian is described this way in >> /etc/dupload.conf: If I install dput, I do not have an /etc/dupload.conf, and rather I see this in /etc/dput.conf: [DEFAULT] login = * method = ftp hash= md5 ... [ftp-master] fqdn= ftp.upload.debian.org incoming= /pub/UploadQueue/ login = anonymous allow_dcut = 1 method = ftp ... That seems like it is using ftp as default to me. > So perhaps this bug report can be closed, since ssh.upload.debian.org > does appear to be the default target for dupload today? i don't know > when that changed. That may be true about dupload, but dupload is a different package, and this was about dput. -- micah
Bug#736859: dput: Please set the default transport to use ssh-upload
On Mon 2019-02-11 10:25:48 -0500, Daniel Kahn Gillmor wrote: > The default dupload target for debian is described this way in > /etc/dupload.conf: > > $cfg{'ftp-master'} = { > fqdn => 'ssh.upload.debian.org', > method => 'scpb', > incoming => '/srv/upload.debian.org/UploadQueue/', > distblacklist => qr/^(?:UNRELEASED|.*-security$)/, > # Files pass on to dinstall on ftp-master which sends emails itself. > dinstall_runs => 1, > }; it also says: # # Global variables # # The host to use if no --to option is used. our $default_host; my $vendor = get_current_vendor(); if ($vendor eq 'Debian') { $default_host = 'ftp-master'; } elsif ($vendor eq 'Ubuntu') { $default_host = 'ubuntu'; } So perhaps this bug report can be closed, since ssh.upload.debian.org does appear to be the default target for dupload today? i don't know when that changed. Micah, can you verify that the defaults are fixed properly? --dkg signature.asc Description: PGP signature
Bug#736859: dput: Please set the default transport to use ssh-upload
Control: clone 736859 -2 Control: retitle -2 ftp.debian.org Control: severity -2 wishlist Control: retitle -2 Please grant DMs sftp/scpb access to ssh.upload.debian.org On Sun 2019-02-10 18:38:48 +1100, Ben Finney wrote: > On 27-Nov-2018, Daniel Kahn Gillmor wrote: >> On 2018-11-27, Paride Legovini wrote: >>> On Mon, 27 Jan 2014 Micah Anderson wrote:> >>> It would be nice if ssh-upload were the default transport for uploading files in debian. Is there a particular reason why it isn't set as the default now? >>> >>> While ssh-upload is clearly better than FTP and I would like to see it >>> as the default upload method too, it still has two important shortcomings: >>> >>> 1. Only Debian Developers can use it, as DM do not have an account; > >> We surely have ssh keys for most DMs these days, via gitlab, >> monkeysphere, or some other mechanism. Maybe we could we grant those >> DMs access? > > If I understand this suggestion, it seems out of scope for this bug > report. Would you re-post that suggestion for discussion where it > might result in action? The default dupload target for debian is described this way in /etc/dupload.conf: $cfg{'ftp-master'} = { fqdn => 'ssh.upload.debian.org', method => 'scpb', incoming => '/srv/upload.debian.org/UploadQueue/', distblacklist => qr/^(?:UNRELEASED|.*-security$)/, # Files pass on to dinstall on ftp-master which sends emails itself. dinstall_runs => 1, }; According to Paride above, DMs cannot use this useful queue because debian doesn't know about their ssh keys. Please enable scpb access to ssh.upload.debian.org for Debian Maintainers based on ssh keys that we know about for them -- either by pulling them from salsa, from monkeysphere, or some other mechanism. Thanks for maintaining the debian upload queues! --dkg signature.asc Description: PGP signature
Bug#736859: dput: Please set the default transport to use ssh-upload
Control: tags -1 + moreinfo On 27-Nov-2018, Daniel Kahn Gillmor wrote: > We surely have ssh keys for most DMs these days, via gitlab, > monkeysphere, or some other mechanism. Maybe we could we grant those > DMs access? If I understand this suggestion, it seems out of scope for this bug report. Would you re-post that suggestion for discussion where it might result in action? > > 2. It does not support the DELAYED queue. > > If it doesn't support the DELAYED queue, that should be fixed. is > there a reason that DELAYED isn't available via ssh-upload? I don't know; Paride, is this problem already reported in some bug report? Which one? -- \ “I must say that I find television very educational. The minute | `\ somebody turns it on, I go to the library and read a book.” | _o__)—Groucho Marx | Ben Finney signature.asc Description: PGP signature
Bug#736859: dput: Please set the default transport to use ssh-upload
Control: severity -1 wishlist Control: outlook -1 0 Control: tags -1 + moreinfo The Debian infrastructure support for SSH upload may not be good enough to be the default transport for this tool. On 27-Nov-2018, Paride Legovini wrote: > While ssh-upload is clearly better than FTP and I would like to see > it as the default upload method too, it still has two important > shortcomings: > > 1. Only Debian Developers can use it, as DM do not have an account; > > 2. It does not support the DELAYED queue. -- \ “I was trying to daydream, but my mind kept wandering.” —Steven | `\Wright | _o__) | Ben Finney signature.asc Description: PGP signature
Bug#736859: dput: Please set the default transport to use ssh-upload
On Tue 2018-11-27 13:07:12 +0100, Paride Legovini wrote: > On Mon, 27 Jan 2014 Micah Anderson wrote:> >> It would be nice if ssh-upload were the default transport for >> uploading files in debian. Is there a particular reason why it isn't >> set as the default now? > While ssh-upload is clearly better than FTP and I would like to see it > as the default upload method too, it still has two important shortcomings: > > 1. Only Debian Developers can use it, as DM do not have an account; We surely have ssh keys for most DMs these days, via gitlab, monkeysphere, or some other mechanism. Maybe we could we grant those DMs access? Alternately, can we provide anonymous ssh access to ssh-upload and just be done with the whole FTP mess once and for all? it's 2018, and far too much of the Internet is actively hostile to cleartext traffic. Even OpenBSD's CVS server uses anonymous ssh for access these days: https://www.openbsd.org/anoncvs.html > 2. It does not support the DELAYED queue. If it doesn't support the DELAYED queue, that should be fixed. is there a reason that DELAYED isn't available via ssh-upload? --dkg signature.asc Description: PGP signature
Bug#736859: dput: Please set the default transport to use ssh-upload
On Mon, 27 Jan 2014 Micah Anderson wrote:> > It would be nice if ssh-upload were the default transport for > uploading files in debian. Is there a particular reason why it isn't > set as the default now? While ssh-upload is clearly better than FTP and I would like to see it as the default upload method too, it still has two important shortcomings: 1. Only Debian Developers can use it, as DM do not have an account; 2. It does not support the DELAYED queue. Paride
Bug#736859: dput: Please set the default transport to use ssh-upload
Package: dput Version: 0.9.6.4 Severity: normal It would be nice if ssh-upload were the default transport for uploading files in debian. Is there a particular reason why it isn't set as the default now? thanks, micah -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages dput depends on: ii gnupg 1.4.16-1 ii python 2.7.5-5 dput recommends no packages. Versions of packages dput suggests: ii lintian 2.5.21 pn mini-dinstall none ii openssh-client 1:6.4p1-2 ii rsync 3.1.0-2 -- Configuration Files: /etc/dput.cf changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org