ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Server-side plan

To: Ricardo Kirkner <ricardo.kirkner@xxxxxxxxxxxxx>
From: James Tait <james.tait@xxxxxxxxxxxxx>
Date: Fri, 31 May 2013 13:09:38 +0100
Cc: ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx
In-reply-to: <CAE0EdS6ZREzYqnzXbENm8VuDWz1SM5Ynw4eq_7C7rJhWrcpB7A@mail.gmail.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri 31 May 2013 12:58:54 BST, Ricardo Kirkner wrote:
> 
> On Fri, May 31, 2013 at 8:05 AM, James Tait
> <james.tait@xxxxxxxxxxxxx <mailto:james.tait@xxxxxxxxxxxxx>>
> wrote:
>> updates (writes) will only be allowed from trusted sources, i.e.
>> Software Centre Agent and possibly the Click Upload/Download
>> Service.
> 
> How is this auth supposed to work? Shall we add authentication to
> the request itself (for SCA) or will this be allowed based on an
> IP address check? If the former, what kind of auth shall we use,
> plain, oauth?

I was thinking probably oauth, though I expect when it comes to deploy
time there'll be IP address restrictions too.

JT
- -- 
James Tait, BSc. | https://launchpad.net/~jamestait/
Software Engineer, Canonical Online Services, Web and Ops Team
Ubuntu - Linux for human beings | www.ubuntu.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iEYEARECAAYFAlGokwIACgkQyDo4xMNTLiYcKgCfV79CKsLeIRhNWkeMmLkxeBr8
f+YAmQF0oAZ2abNuGNIJCp8Wr2H94H5o
=yyZw
-----END PGP SIGNATURE-----

References

Server-side plan
From: Martin Albisetti, 2013-05-30
Re: Server-side plan
From: Michael Nelson, 2013-05-31
Re: Server-side plan
From: James Tait, 2013-05-31
Re: Server-side plan
From: Ricardo Kirkner, 2013-05-31