launchpad-reviewers team mailing list archive
Message #00860
[Merge] lp:~lifeless/launchpad/private-librarian into lp:launchpad
The proposal to merge lp:~lifeless/launchpad/private-librarian into lp:launchpad has been updated.
Description changed to:
The basic idea is to have an https librarian that uses an access token for a time limited period, rather than proxying on the appservers which is terrible in several ways that aren't all that relevant except to say it's hard to improve and incompatible with our performance goals.
So in this model, we hand out a token when someone (including wget) accesses a private attachment on launchpad, and issue a temporary redirect (over ssl) to https://filehash.launchpadlibrarian.net/...file?token=xxxxx
The token goes in the session DB, the garbo cleans that up, and we all are happy happy happy.
Oh, and the librarian rejects requests without a token for private files.
We can't use OAuth because then the OAuth token would be attackable by content in the private librarian.
RT 41202 contains the request for wildcard DNS keys.
The remaining work to make this fully reviewable is to:
- change the url to include the filehash in the domain for restricted files
- get the librarian doing its thing with this
- provide a migration method so that we can deploy this code in advance of the ssl certs being ready etc. I suspect a config option is best for now because feature-flags in the librarian is untested as yet.
- profit
--
https://code.launchpad.net/~lifeless/launchpad/private-librarian/+merge/31020
Your team Launchpad code reviewers is requested to review the proposed merge of lp:~lifeless/launchpad/private-librarian into lp:launchpad.
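The token flow described in the proposal above, as an added example that is not code from the Launchpad branch: the appserver issues a token and builds the redirect, the librarian checks the token before serving a private file, and a garbage-collection pass drops expired rows. `TokenStore`, the function names, the 300-second lifetime, the in-memory dict standing in for the session DB, storing only a SHA-256 of the token, and binding each token to one path are assumptions of this example; the sample file hash and path in the docstring are constructed.

```python
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

TOKEN_TTL = 300  # seconds; assumed value, the proposal only says "time limited"


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class TokenStore:
    """In-memory stand-in (assumption) for the session DB rows holding tokens."""

    def __init__(self, clock=time.time):
        self._rows = {}  # sha256(token) -> (path, expiry timestamp)
        self._clock = clock

    def issue(self, path):
        token = secrets.token_urlsafe(32)
        self._rows[_digest(token)] = (path, self._clock() + TOKEN_TTL)
        return token

    def is_valid(self, path, token):
        row = self._rows.get(_digest(token))
        if row is None:
            return False
        stored_path, expiry = row
        # A token only opens the file it was issued for, and only until expiry.
        return stored_path == path and self._clock() < expiry

    def collect_garbage(self):
        """The cleanup pass: delete expired rows, return how many were removed."""
        now = self._clock()
        expired = [d for d, (_, exp) in self._rows.items() if exp <= now]
        for d in expired:
            del self._rows[d]
        return len(expired)


def redirect_location(store, file_hash, path):
    """Appserver side, e.g. redirect_location(store, "0123abcd", "/42/report.txt")."""
    query = urlencode({"token": store.issue(path)})
    return f"https://{file_hash}.launchpadlibrarian.net{path}?{query}"


def librarian_allows(store, url, private):
    """Librarian side: public files are served; private ones need a live token."""
    if not private:
        return True
    parts = urlsplit(url)
    token = parse_qs(parts.query).get("token", [""])[0]
    return store.is_valid(parts.path, token)
```
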