tb approval for package importer robot account (LP: #524173)

Matt Zimmerman mdz at canonical.com
Thu Jun 9 08:13:37 UTC 2011


On Thu, Jun 09, 2011 at 02:15:04PM +1000, Martin Pool wrote:
> There is a robot in <http://package-import.ubuntu.com/status/> that
> synchronizes source packages into Ubuntu package branches.
> 
> At the moment, this runs in james_w's personal account, since that's
> how he originally set it up.  This is suboptimal for a bunch of
> reasons, amongst which are that the imported revisions appear to have
> been personally created by James; that it has credentials to
> impersonate James in other ways (e.g. tweaking bugs); and that it will
> break if for any reason James ceases involvement with Ubuntu.
> 
> This is <https://bugs.launchpad.net/udd/+bug/524173>.
> 
> I'd like to fix this now by:
> 
>  * creating a new bot account with an email address called say
> package-import at canonical.com, with mail to that account going to (say)
> canonical-bazaar
>  * creating an API key and SSH key for that account
>  * switching the package import to use that account
>  * having the tb add this to the list of permitted uploaders for
> /ubuntu (but not into ~core-dev)
> 
> Some reasonable concerns have been raised that this does not get as
> much to a least-privilege setup as one could desire.  In particular:
> the new account will be able to upload packages as well as write to
> branches: Launchpad does not have separate ACLs for those actions at
> present.  Secondly, the service is not yet fully LOSA maintained,
> though there is a ticket asking for it to become so (canonical rt
> 39614).
> 
> On both of these I think it's worth acknowledging that more should be
> done in the future, but also that making the importer use its own
> account and identity will be a step forward for security and not a
> step back.  It won't gain any extra privileges as a result of those
> changes, it will lose access to other things James can do, and it will
> be easier to track.
> 
> If you see any problems or object to this, please let me know.

Thanks for the details, including the risk assessment.  This seems no worse,
and probably an improvement, on the current setup, so I'm fine with it.

-- 
 - mdz



More information about the technical-board mailing list