Am 2019-09-24 00:30, schrieb Albert Astals Cid:
El dijous, 19 de setembre de 2019, a les 14:49:53 CEST, Tom Albers va
escriure:
I'ld also like to add that currently some developers have access to do
releases directly - I've also seen those people putting the files on
the ftp-server for other projects then the original intention had
been.
I would like to propose that *all* releases should follow the below
proposal, effectively that would involve that the direct access would
be cancelled for those currently having access to the ftp-server
directly.
This means an improved paper trail for those releases too and further
reduces the effect of compromised accounts and / or tarballs.
-1 this just makes it harder for us that have 200 packages to release
for no real reason.
If my gpg/ssh keys gets compromised, what difference does it make that
i upload directly to the ftp-server or to the "sysadmin please upload
this" server?
When I read the proposal there is possibly just one thing missing:
If all checks pass (signing etc.) _AND_ the gpg key is already in the
list of trusted keys, then just do it (no manual verifying needed).
Or am I missing something obvious?
Eike
