Control: forwarded -1 https://salsa.debian.org/ftp-team/dak/-/merge_requests/270
Hi, On Wed, 09 Mar 2016 19:36:02 +0100 Moritz Muehlenhoff <[email protected]> wrote:
Package: ftp.debian.org Severity: wishlist This was discussed at one of the past security team meetings, but there was never a bug for that: (This is a first high level view, the exact requirements can be hashed out later.) Right now to release a security update one needs shell access on security-master. It would be great to allow the release of a security update via a PGP-signed control message (similar to how changes files need to be signed to allow uploads). The next step would then be an ACL mechanism where trusted DDs can be granted the possibility to release DSAs on their own (after the security team having acked the debdiff). (This also needs some tweaks for the debian-security-announce moderation script, but that's unrelated to this task.
There's now a MR at [1] that should address the ACL for dak. Feel free to comment if you have any feedback.
Cheers, Emilio [1] https://salsa.debian.org/ftp-team/dak/-/merge_requests/270
