
launchpad-dev team mailing list archive

Re: Build From Branch, or BFB

 

On Wed Oct 07 11:31:42 +0100 2009 Christian Robottom Reis wrote:
> On Wed, Oct 07, 2009 at 11:11:14AM +0100, James Westby wrote:
> > That changes the security assurances that we have for packages, you
> > are now relying on SSH keys rather than GPG keys. Are they believed
> > to give us the same assurances?
> 
> I don't know the answer to that, but I want to underline that changing
> the GPG requirement is a /possibility/ of allowing SSH uploads. We could
> also allow people to use SSH but still require GPG-signed packages and
> rock the boat slightly less during that change. Doing that may require
> comparing SSH and GPG keys to verify the owners match, but it's an easy
> step forward.

Indeed, and that is something that I would support, for the reason you
gave below among others.

> > Is this change driven by concerns over the current process for binary uploads
> > from the buildds?
> 
> Well, one driver of it is being able to provide synchronous
> authentication feedback to the uploader; today anonymous FTP means fire
> and forget and if we can't validate the GPG key, we can't send email
> back to the uploader (we don't know who he is!) and that leads to
> support issues of the sort "where's my upload". Other sorts of more
> synchronous feedback would be possible in this model.

Thanks,

James


