launchpad-reviewers team mailing list archive

[Merge] lp:~lifeless/launchpad/private-librarian into lp:launchpad

 

The proposal to merge lp:~lifeless/launchpad/private-librarian into lp:launchpad has been updated.

Description changed to:

I'm proposing this to get feedback on the approach - I put it together on the plane so it has had zero discussion so far.

The basic idea is to have an https librarian that uses an access token for a time limited period, rather than proxying on the appservers which is terrible in several ways that aren't all that relevant except to say it's hard to improve and incompatible with our performance goals.

So in this model, we hand out a token when someone (including wget) accesses a private attachment on launchpad, and issue a temporary redirect (over ssl) to https://launchpadlibrarian.net/...file?token=xxxxx

The token goes in the session DB, the garbo cleans that up, and we all are happy happy happy.

Oh, and the librarian rejects requests without a token for private files.

We can't use OAuth because then the OAuth token would be attackable by content in the private librarian.

RT 41202 contains the request for wildcard DNS keys.
-- 
https://code.launchpad.net/~lifeless/launchpad/private-librarian/+merge/31020
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~lifeless/launchpad/private-librarian into lp:launchpad.
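
The token flow described in this proposal, shown as an added example (not code from the branch or from Launchpad): the appserver issues a token and redirect, the librarian rejects private requests without a valid token, and a garbo-style job removes expired rows. The dict standing in for the session DB, the 60-second lifetime, the function names, storing only a SHA-256 digest of the token, and binding each token to one file path are all assumptions.

```python
import hashlib
import secrets
import time
from urllib.parse import urlencode, urlsplit, parse_qs

TOKEN_TTL = 60  # seconds; assumed, the proposal only says "time limited"
LIBRARIAN = "https://launchpadlibrarian.net"

# Stand-in for the session DB: sha256(token) -> (file path, expiry time).
# Keeping only the digest means a leaked table does not yield usable tokens.
session_db = {}


def issue_redirect(path, now=None):
    """Appserver side: the caller has already passed the privacy check."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    session_db[digest] = (path, now + TOKEN_TTL)
    return "%s%s?%s" % (LIBRARIAN, path, urlencode({"token": token}))


def librarian_status(url, private, now=None):
    """Librarian side: return the HTTP status for a request to `url`."""
    now = time.time() if now is None else now
    if not private:
        return 200
    parts = urlsplit(url)
    if parts.scheme != "https":
        return 403
    token = parse_qs(parts.query).get("token", [""])[0]
    entry = session_db.get(hashlib.sha256(token.encode()).hexdigest())
    if entry is None:
        return 403
    path, expires = entry
    # A token is good only for the file it was issued for, and only until expiry.
    if path != parts.path or now >= expires:
        return 403
    return 200


def garbo(now=None):
    """Periodic cleanup: drop expired rows and return how many were removed."""
    now = time.time() if now is None else now
    expired = [d for d, (_, exp) in session_db.items() if exp <= now]
    for d in expired:
        del session_db[d]
    return len(expired)
```

Because the token is opaque, short-lived and scoped to one file, content served from the librarian that captures it gains nothing beyond access to that same file for the remaining lifetime.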


