Hi, On 3/26/2019 10:23 PM, Paul Gevers wrote: > Kind ping for the question below.
I am not sure what you are asking. Yes, buildds for security have access to the embargoed queue and obviously that access cannot reasonably be shared. Technically I think it's in the purview of ftp-master to approve new credentials (in this case together with Security team) and for DSA to provision them. As far as I remember we rely on IP whitelisting today - at least 99builddsourceslist does not contain logic for passwords (anymore) and I'm pretty sure DSA autogenerates that list into ftp-master's apache config. Unfortunately I could not find that configuration in DSA's Puppet tree (nor on coccia, but this is about security-master) from a quick glance. I know I have seen it in the past, but I don't recall where. In any case those two teams are the ones to ask. Kind regards Philipp Kern