On Thu, Mar 09, 2006 at 01:35:05AM -0800, Don Armstrong wrote:
> On Thu, 09 Mar 2006, Anthony Towns wrote:
> > In the mail to the DPL I mentioned above, James outlined three
> > fairly significant technical changes that could be implemented to
> > make the job easier, and could be done by anyone, without requiring
> > any special privileges; and also noted why he doesn't believe it's
> > technically feasible to have the keyring maintained by multiple
> > people, and how that could be fixed.
> Could this mail (or the practical upshot of it) be made public?

I'll leave posting the mail itself to Branden or James if they choose, since I only had a copy to comment on any wording that wasn't clear.

On Thu, Mar 09, 2006 at 11:47:18AM +0200, Kalle Kivimaa wrote:
> What would these three things be? I might be interested in tackling
> some of them.

So first one was the spam problem, keyring-maint is a well-known address, and mails that are meant to go to it could be in all sorts of weird formats. There's already magic debian.org handling that'll drop stuff without a pseudo-header in the mail (for [EMAIL PROTECTED]), or without a specific tag in the subject which should mostly solve the problem, which mostly requires working out some tags/headers and making sure all the appropriate documentation is updated.

The second was to get rt set up to, uh, track requests -- it's waiting on the first thing (since rt sends auto-replies, and auto-replies to spam is bad, mmmkay), and possibly also lacks a debian.org machine that can be its host.

The third thing was to develop some new scripts to manage debian-keyring.gpg in a more componentised manner -- rather than one huge blob, have many small files that are independently auditable (this is the key for "[EMAIL PROTECTED]", it's authorised because it came via [EMAIL PROTECTED] after blah lost their key in a tragic accident involving a watermelon, it's signed by foo and bar...). The scripts to manage all this have to be simple, obviously correct and secure, and also fast enough to be usable. Apparently there's been some mention of this on -private; I'm not sure when.

Cheers,
aj