Hello Martin, Martin Pool [2011-06-09 14:15 +1000]: > * having the tb add this to the list of permitted uploaders for > /ubuntu (but not into ~core-dev)
What does "/ubuntu" mean here? I. e. where should we add this bot? Also, what's the role of https://launchpad.net/~ubuntu-branches here? I thought that was the team that owns all the auto-imports? > Some reasonable concerns have been raised that this does not get as > much to a least-privilege setup as one could desire. In particular: > the new account will be able to upload packages as well as write to > branches: Launchpad does not have separate ACLs for those actions at > present. It should be easy to ascertain that the bot doesn't actually do any dput or ftp'ing, so I'm not too concerned about this as long as it runs in a trusted environment in the DC. At some point we plan to do package builds from branches, so it seems to me that this separation will become smaller or nonexistent in the future. Once that works, how can we ensure that the bot doesn't "accidentally" create a branch which will cause a package build? > On both of these I think it's worth acknowledging that more should be > done in the future, but also that making the importer use its own > account and identity will be a step forward for security and not a > step back. I agree. James already has way more privileges, so it's not a regression. Thanks, Martin -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
signature.asc
Description: Digital signature
-- technical-board mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/technical-board
