On Wed, Mar 27, 2019 at 10:04:47 +0100, Philipp Kern wrote: > Hi, > > On 3/26/2019 10:23 PM, Paul Gevers wrote: > > Kind ping for the question below. > > I am not sure what you are asking. Yes, buildds for security have access > to the embargoed queue and obviously that access cannot reasonably be > shared. Technically I think it's in the purview of ftp-master to approve > new credentials (in this case together with Security team) and for DSA > to provision them. As far as I remember we rely on IP whitelisting today > - at least 99builddsourceslist does not contain logic for passwords > (anymore) and I'm pretty sure DSA autogenerates that list into > ftp-master's apache config. Unfortunately I could not find that > configuration in DSA's Puppet tree (nor on coccia, but this is about > security-master) from a quick glance. I know I have seen it in the past, > but I don't recall where. In any case those two teams are the ones to ask. > The apache config uses the macro defined in https://salsa.debian.org/dsa-team/mirror/dsa-puppet/blob/master/modules/roles/templates/dakmaster/conf-builddlist.erb
Cheers, Julien
