Launchpadlib support in Ubuntu Developer Tools

James Westby jw+debian at
Wed Jan 14 15:43:12 GMT 2009

On Wed, 2009-01-14 at 14:54 +0000, Jonathan Davies wrote: 
> So far the tool looks for:
>   1) See if a $LPCREDENTIALS variable has been set and use that file,
>   2) If there is a lp_credentials.txt file in the current directory,
>   3) A default path (in this case ~/.cache/lp_credentials.txt).
> For all the files it finds, it searches through them until it finds the
> right consumer key for a token and uses that for authentication
> (ubuntu-dev-tools for requestsync, for example).

Ok, thanks.

I hadn't realised you could store more than one set of credentials in
a file.

> > What happens if the user doesn't have credentials set up? Does the tool
> > ask them to run manage-credentials?
> I've improved the error message so that it asks people to see the
> manage-credentials manpage.


> > Also, has there been any thought to allowing different credentials for
> > different tools? requestsync obviously needs write access, but not to
> > private data, other tools won't need write access, and some may need
> > access to private data.
> I think that having just write access to public data would be enough for u-d-t.
> However people can create new tokens with m-c if they need it.

On the principle of least privilege, if something doesn't need write
access then it shouldn't be given write access.

I agree that private data probably doesn't need to be accessed by
things currently in ubuntu-dev-tools, but I don't think that will always
be true.

For instance lpmadison will be able to query PPAs (because you only
need about 4 extra lines of code to do so), and being able to 
interrogate any private PPAs you have will be useful for some.

I agree that you can create new tokens, but could we perhaps make the 
experience a bit slicker? For instance if


exists then use that. If not then fall back to the general ones. If I
want finer grained control then I would be expected to use the
environment variable.

The script will know whether it needs write access, so perhaps if
it does it could look for "ubuntu-dev-tools-write" or similar.

Obviously this means more effort is required in setting up credentials,
so I'm not sure the last part is needed, but I think supporting
script-specific credentials like I mentioned above could be useful.
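
The lookup discussed in this thread, as an added example that is not part of the original message and is not ubuntu-dev-tools code: files are tried in the order Jonathan lists, and a script-specific consumer key is preferred over the general one, with a "-write" key requested only when the tool needs write access. The INI layout of the credentials file, the per-script key names and the function names are assumptions.

```python
import configparser
import os
import tempfile
from pathlib import Path

GENERAL_KEY = "ubuntu-dev-tools"  # consumer key named in the thread
# Constructed sample; the INI layout (one section per token) is an assumption.
SAMPLE = """[1]
consumer_key = ubuntu-dev-tools
access_token = constructed-read-token
[2]
consumer_key = ubuntu-dev-tools-write
access_token = constructed-write-token
[3]
consumer_key = lpmadison
access_token = constructed-lpmadison-token
"""

def candidate_files(env, cwd, home):
    """Existing credential files, in the lookup order given in the thread."""
    paths = [Path(env["LPCREDENTIALS"])] if env.get("LPCREDENTIALS") else []
    paths += [Path(cwd) / "lp_credentials.txt",
              Path(home) / ".cache" / "lp_credentials.txt"]
    return [p for p in paths if p.is_file()]

def wanted_keys(script, needs_write):
    """Script-specific key first, then the general one (hypothetical naming).
    A read-only tool never asks for a "-write" key."""
    suffix = "-write" if needs_write else ""
    return [script + suffix, GENERAL_KEY + suffix]

def find_credentials(script, needs_write, env=os.environ, cwd=".", home=None):
    """Return the matching section as a dict, or None if nothing matches."""
    files = candidate_files(env, cwd, home or Path.home())
    for key in wanted_keys(script, needs_write):
        for path in files:
            parser = configparser.ConfigParser(interpolation=None)
            parser.read(path)
            for name in parser.sections():
                if parser[name].get("consumer_key") == key:
                    return dict(parser[name])
    return None

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "lp_credentials.txt").write_text(SAMPLE)
        for script, write in [("lpmadison", False), ("requestsync", True)]:
            found = find_credentials(script, write, env={}, cwd=tmp, home=tmp)
            print(script, "->", found["consumer_key"])
```

A tool that returns None here has no token at the privilege level it asked for, which is the point at which it would direct the user to the manage-credentials manpage.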


