Web lists-archives.com

Re: Auto-update for sid? Auto-backport?




Steffen Möller writes ("Re: Auto-update for sid? Auto-backport?"):
> On 18.11.17 01:12, Jeremy Bicha wrote:
> But you are right, an external service is a safe bet as a first start that
> we do not need to vote about - nor would I need to ask ;) However,
> any such automation is something, if brought closer to Debian, that
> has the potential to change us quite a bit. I felt that more than one
> individual should be involved and at least should I myself be the
> one to set it up, I would want (most of) you (all) to want it.

Personally, I think this general direction has so much potential that
it might even become so good that I would use it for packages for
which I am myself the upstream.

For now, though, the right next step is to probably have a general
purpose automatic thing running on DSA infrastructure, with enough
compartmentalisation between different packages that it doesn't have
to trust them all.

As for automatically uploading to Debian: we already have the right
technical infrastructure in the core parts of the project.  It's very
simple, conceptually: we make a trusted "approval" machine which:

  verifies upstream signatures and source code operations, based on
  information in the existing version of teh package in sid

  automatically makes a signature on the source-only upload
  using its own gpg key

  does dput

And the upload goes through because

  the auto-puller's gpg key is in the DM keyring

  the auto-puller's service name and email address
  is in the Uploaders for the package

  the package has DM uploads enabled

Oh, I have one more wishlist item: pls make it use dgit for its
uploads kthxbye.

Ian.

-- 
Ian Jackson <ijackson@xxxxxxxxxxxxxxxxxxxxxx>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.