FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 04-26-2011, 09:03 AM
Arno Töll
 
Default DM upload permissions in detail

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi there,

I've been asking this question on debian-mentors before, but people
involved into this process might be better addressed through d-d, so I
hope you don't mind as I got there no answer so far.

I was wondering what the exact requirements for DM uploads to the Debian
archive are. The Wiki tells [1]:

"Packages signed by a key in the debian-maintainers keyring will be
accepted if the [..] the previous version of the package contains this
maintainer's primary UID"

Now, what's exactly meant by primary UID? The primary GPG UID? If yes,
am I right when I assume signing a package with a non-primary GPG UID
or even more with a sub key won't work to fulfill DM upload rights?

I took a look into the dak source:


fpr = get_fingerprint(self.pkg.changes['fingerprint'], session=session)
...

def check_dm_upload(self, fpr, session):
...
rej = False
...
# uploader includes the maintainer
accept = False
for uploader in r.uploaders:
(rfc822, rfc2047, name, email) = uploader.get_split_maintainer()
# Eww - I hope we never have two people with the same name
in Debian
if email == fpr.uid.uid or name == fpr.uid.name:
accept = True
break

This seems to support my assumption as only a single, i.e. the first UID
of the fingerprint is verified for DM upload permissions. Given that the
following fictional key would not work:


pub 1024D/.... 2004-07-07
Key fingerprint = ... ... ... ... ...
uid John Doe <john@example.com>
uid John Doe <john@example.net>
sub 1024g/... 2004-07-07
sub 4096R/... 2011-01-01
sub 4096R/... 2011-01-01

when the 4k sub key altogether with the example.net UID would be used to
sign packages, right? That would be bad and a pure artificial
constraint. On the other hand good to know now, before I actually tried
to get DD signatures for that key


[1] http://wiki.debian.org/DebianMaintainer

- --
with kind regards,
Arno Töll
GnuPG Key-ID: 0x8408D4C4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNtop0AAoJELBdpXvEXpo90+oP/Rmu5jGGdymZN1RKbxt3hu55
Tet1+IZ5t+eora5+Q5dUaiBVc2qUAY9ZSGyV5+SDzPFYygbOzs jVKkiB5RknLHcD
HA+e30J2MLSnqGFCx9uzmRtni75I6PnPqGIEcnzDwdGfCqwK2+ srWnHF6604s7/s
VfuGMzKVrz4nftrKMC9j4fd/urqgW+AtzeB1Zpp6c22vH8PIy67wZi1v0kTymNsE
+VzgfLXb7jWBRBznOTyUsk6LZC0If695VVCmBLy4snElThEpuH dVF6vK1rFxzaSD
iLtl1+VnVVYAsBLJk87FQ11KWtKIROIAf0lV51NyyeSdpa8mgQ laGinRIrRuAL9d
+vZmwBQtzzhYvit57okowQnVs6isZjfnLywDmpkcF77ZMUpw+e arlqvwhkLzUxLN
kcAccDO4HrHNxHiVxV/jC4DEnhmRbwnr47CYFLhuuAWmmrRlCrOLKk5N81d4G8MN
ChlfwPt4ho3yGsBef76/Pchm3G6qMEWXzGUAT8HNvdK4DMkJHJpSmr6Hp30RGgrE
AM8Zt3fyAF2C259HKuhx4qkkGCCmz6f8EtQhHmWo42UZ+Etsqb gijemhbY9S+V4W
Ax20bFLcRLI7phFgbCLwzamJ7COTqGMh+D6C0usv9dOZd2S4gh eS6pf86L1CqxgJ
mWpPrwl/mzlNEIXaxr6q
=7UWP
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DB68A75.8040306@toell.net">http://lists.debian.org/4DB68A75.8040306@toell.net
 
Old 04-26-2011, 02:06 PM
Torsten Werner
 
Default DM upload permissions in detail

Hi Arno,

Am -10.01.-28163 20:59, schrieb Arno Töll:
> Now, what's exactly meant by primary UID? The primary GPG UID? If yes,
> am I right when I assume signing a package with a non-primary GPG UID
> or even more with a sub key won't work to fulfill DM upload rights?

the first UID with an email address is used by dak. It can be changed
manually if there is a good reason for such a change. Please file a bug
report against ftp.debian.org if you need such a change.

Cheers,
Torsten


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DB6D17E.2070009@debian.org">http://lists.debian.org/4DB6D17E.2070009@debian.org
 
Old 04-26-2011, 03:09 PM
Philipp Kern
 
Default DM upload permissions in detail

On 2011-04-26, Torsten Werner <twerner@debian.org> wrote:
> Am -10.01.-28163 20:59, schrieb Arno Töll:
>> Now, what's exactly meant by primary UID? The primary GPG UID? If yes,
>> am I right when I assume signing a package with a non-primary GPG UID
>> or even more with a sub key won't work to fulfill DM upload rights?
> the first UID with an email address is used by dak. It can be changed
> manually if there is a good reason for such a change. Please file a bug
> report against ftp.debian.org if you need such a change.

The "first" being the one with the newest self-sig?

Kind regards
Philipp Kern


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: slrnirdo17.9ee.trash@kelgar.0x539.de">http://lists.debian.org/slrnirdo17.9ee.trash@kelgar.0x539.de
 
Old 04-26-2011, 08:34 PM
Arno Töll
 
Default DM upload permissions in detail

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Torsten,
On 26.04.2011 16:06, Torsten Werner wrote:
> the first UID with an email address is used by dak. It can be changed
> manually if there is a good reason for such a change. Please file a bug
> report against ftp.debian.org if you need such a change.

Thanks for your answer. Good to hear there is at least the possibility
to come around this issue. Now I am curious what such a good reason
would be. Let's say would "I don't want to be spammed on my primary UID,
hence I use for Debian correspondence another e-mail address" within the
same key pair a valid reason?

I am no DM (yet), I just wanted to make things clear in advance as I
want to approach DD signings soon.


- --
with kind regards,
Arno Töll
GnuPG Key-ID: 0x8408D4C4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNtyxPAAoJELBdpXvEXpo9ulgQALU/0wZuMFNcq05tClOOST3m
Q612qxSXHr/0gfPDOZ57I3MBHcax9b4qG+j4hTeWSboi5beswpMyIoVmH0UVh 4V6
WpzKjxIIj9KTr3xd5su/AgniXcNm6xb0w3BvxwiD2F7BfsL4nYIwmjeVyWYqd29N
KnAHcbmP4aaf1UjPS+yvOjm2s8eKp2vpgFRFvNBeXkwQkLDeHZ MvV430JE8/oIuA
M+3PVl93C5z7n2LtAB0i7XPZVKSBgYNAQTpCCwyJnrF/YNUOXIr3ih94/M0zzXY3
SnBhTrnxWAHPOqo+JbjEfs5g/LTH4TOBRugdFwAni0Sg/Zy4ozvECtj/b4og0geq
ZgUE3HhoY+z2JuXiH0q2nr50VZ9c0qeCOzvYRYLzB720nbiOr9 PItiCgB2ivte11
nJnvN9LaJdU+VdkPTMkt90SexKLJJ2f+2JdpjD+QjJHRmTzZFj SXDfrOWUq/Xc6J
pX3aNrc8XHOY6zjPoStBKClUV47MSGiC0LoYvGrr+dZFgsjwRx 0SgdMYNkNeJHeC
neFRRdnZ4OnoNcA+W4h0+az2kH9m7nuL+NmNSDnIC9SclfV30d fWLbNGs1cgy1uu
AhTdiY7FalOZob8UjYkHhx+nC9U1ai8azOZwOl58irktAUYl8I Za8eTWt+7l25St
vWybQc+jzIUvmMNe4i2b
=WlAM
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DB72C4F.3000100@toell.net">http://lists.debian.org/4DB72C4F.3000100@toell.net
 
Old 04-27-2011, 12:58 AM
Ben Finney
 
Default DM upload permissions in detail

Torsten Werner <twerner@debian.org> writes:

> Hi Arno,
>
> Am -10.01.-28163 20:59, schrieb Arno Töll:
> > Now, what's exactly meant by primary UID? The primary GPG UID? If
> > yes, am I right when I assume signing a package with a non-primary
> > GPG UID or even more with a sub key won't work to fulfill DM upload
> > rights?
>
> the first UID with an email address is used by dak. It can be changed
> manually if there is a good reason for such a change. Please file a
> bug report against ftp.debian.org if you need such a change.

Why is an additional reason needed? Why isn't it sufficient that the
person wants to sign with that UID?

Surely one of the main purposes of multiple UIDs on a key is to allow
different UIDs for different purposes, and the issue of when and why a
particular UID is used is solely the decision of the owner of the key.

--
“I may disagree with what you say, but I will defend to the |
` death your right to mis-attribute this quote to Voltaire.” |
_o__) —Avram Grumer, rec.arts.sf.written, 2000-05-30 |
Ben Finney


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87y62wmrwn.fsf@benfinney.id.au">http://lists.debian.org/87y62wmrwn.fsf@benfinney.id.au
 
Old 04-27-2011, 08:28 AM
Torsten Werner
 
Default DM upload permissions in detail

Am -10.01.-28163 20:59, schrieb Philipp Kern:
> On 2011-04-26, Torsten Werner <twerner@debian.org> wrote:
>> the first UID with an email address is used by dak.
>
> The "first" being the one with the newest self-sig?

No, just the 'first' one.

Torsten


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DB7D3B3.4000702@debian.org">http://lists.debian.org/4DB7D3B3.4000702@debian.org
 
Old 04-27-2011, 08:31 AM
Torsten Werner
 
Default DM upload permissions in detail

Am -10.01.-28163 20:59, schrieb Arno Töll:
> I am no DM (yet), I just wanted to make things clear in advance as I
> want to approach DD signings soon.

You could create a new key for your Debian work but you would lose
existing signatures.

Torsten


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DB7D46D.8010906@debian.org">http://lists.debian.org/4DB7D46D.8010906@debian.org
 
Old 04-27-2011, 09:09 AM
Simon McVittie
 
Default DM upload permissions in detail

On Tue, 26 Apr 2011 at 22:34:23 +0200, Arno Töll wrote:
> Thanks for your answer. Good to hear there is at least the possibility
> to come around this issue. Now I am curious what such a good reason
> would be. Let's say would "I don't want to be spammed on my primary UID,
> hence I use for Debian correspondence another e-mail address" within the
> same key pair a valid reason?

Since the code snippet you quoted will accept a match for either the
"real name" part or the email part, you could just add a secondary UID
with the same (spelling of your) name but a Debian-specific email address.
That's what I did before I became a DD, for much the same reason.

In other words, this would be fine:

John Doe <john@example.com>
John Doe <john-debian@example.com>

but this wouldn't work:

John Doe <john@example.com>
Jonathan Frederick Doe <john-debian@example.com>

Regards,
S


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20110427090953.GA27145@reptile.pseudorandom.co.uk" >http://lists.debian.org/20110427090953.GA27145@reptile.pseudorandom.co.uk
 
Old 04-27-2011, 10:19 AM
Thomas Hochstein
 
Default DM upload permissions in detail

Ben Finney schrieb:

>> the first UID with an email address is used by dak. It can be changed
>> manually if there is a good reason for such a change. Please file a
>> bug report against ftp.debian.org if you need such a change.
>
> Why is an additional reason needed? Why isn't it sufficient that the
> person wants to sign with that UID?

Because such a change needs manual intervention, I presume.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: ldd.1104271219.1583@thorondor.akallabeth.de">http://lists.debian.org/ldd.1104271219.1583@thorondor.akallabeth.de
 
Old 04-27-2011, 11:21 AM
Arno Töll
 
Default DM upload permissions in detail

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Simon,

On 27.04.2011 11:09, Simon McVittie wrote:
> Since the code snippet you quoted will accept a match for either the
> "real name" part or the email part, you could just add a secondary UID
> with the same (spelling of your) name but a Debian-specific email address.
> That's what I did before I became a DD, for much the same reason.

thanks a lot for this hint, this may work. Let's just hope no name
clashes appear now or in future, since this would require the code
snippet to be changed.

- --
with kind regards,
Arno Töll
GnuPG Key-ID: 0x8408D4C4
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNt/wrAAoJELBdpXvEXpo9a4kQAJ+Oy6ernjEVaJJCNn3Msi4o
TnL33q6nBqXNy8/ip+QdKhG+vXWArCNyA8XO4RLvE5TlnpokxvhJZNbePvXLeTaL
gZ2r7lZBRnOcijS0GTz3/jYSCqjH98JMfJ8xZLl/+XMAgKW7vb+lIbd5T6nruBes
VXlF5Rl+IIGBFGrFxXHZI+MZMLVZj0AzeMjpJuP2V/cPsG2HlroFbkl1mQmGSQ4q
r6nNlTDZgJxgCnukuwu5cAd7174AljwO07jDsbsNnICmGlj5GP AZBMRYEZRZUSHd
jKR7SqM8OcW45EUtshizoXEtE48bJpIB3sDUxN+HArW7DT6KN/n2uB48wHTz59lC
MJBg3jMBxMGJnxV+2b1U/sdvAV0Vb8NeHXYGT73UE4o831/dMbnNX7gtaMe/9KXL
USEQEMTueihiTCy1fgA2o2LTPaqE7gCVRROaApGDm1hshnygpn FGZs9QwZQ831ZG
F/2HWK3zwGXdE2hqXJhIcXsT77U5Be8kUd04/NDGbgYaoMGvBJlQv0sMlQDywBXF
dtiLI1gl9paWtqkUDX00nIX+4v/mxAg/CHUpZRjobHkOeq33d3HOX8QCwphmdOpy
Q3wyt28829jw+L7fAw+HGO/EwONICpWZH6QfAZCQwGNXeeIAJKg0K+oMbTq8Dr0c
a0O/1xj3U05aCFI/zZfS
=cLK+
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4DB7FC2B.6030200@toell.net">http://lists.debian.org/4DB7FC2B.6030200@toell.net
 

Thread Tools




All times are GMT. The time now is 04:45 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org