Launchpadlib support in Ubuntu Developer Tools
jw+debian at jameswestby.net
Wed Jan 14 15:43:12 GMT 2009
On Wed, 2009-01-14 at 14:54 +0000, Jonathan Davies wrote:
> So far the tool looks for:
> 1) See if a $LPCREDENTIALS variable has been set and use that file,
> 2) If there is a lp_credentials.txt file in the current directory,
> 3) A default path (in this case ~/.cache/lp_credentials.txt).
> For all the files it finds; it searches through them until it finds the
> right consumer key for a token and uses that for authentication
> (ubuntu-dev-tools for requestsync, for example).
I hadn't realised you could store more than one set of credentials in
> > What happens if the user doesn't have credentials set up? Does the tool
> > ask them to run manage-credentials?
> I've improved the error message so that it asks people to see the
> manage-credentials manpage.
> > Also, has there been any thought to allowing different credentials for
> > different tools? requestsync obviously needs write access, but not to
> > private data, other tools won't need write access, and some may need
> > access to private data.
> I think that having just write access to public data would be enough for u-d-t.
> However people can create new tokens with m-c if they need it.
On the principle of least privilege if something doesn't need write
access then it shouldn't be given write access.
I agree that private data probably doesn't need to be accessed by
things currently in ubuntu-dev-tools, but I don't think that will always
For instance lpmadison will be able to query PPAs (because you only
need about 4 extra lines of code to do so), and being able to
interrogate any private PPAs you have will be useful for some.
I agree that you can create new tokens, but could we perhaps make the
experience a bit slicker? For instance if
exists then use that. If not then fall back to the general ones. If I
want finer grained control then I would be expected to use the
The script will know whether it needs write access, so perhaps if
it does it could look for "ubuntu-dev-tools-write" or similar.
Obviously this means more effort is required in setting up credentials,
so I'm not sure the last part is needed, but I think supporting
script-specific credentials like I mentioned above could be useful.
More information about the ubuntu-devel