Release 2.91~beta-1
Dmitry Bogatov
KAction at debian.org
Fri Nov 23 16:01:18 GMT 2018
(wish there were such thing as "reply to many emails at once")
[2018-11-21 15:06] Ian Jackson <ijackson at chiark.greenend.org.uk>
> tl;dr: Being a DD is enough. No special access is required.
>
> Longer explanation:
>
> When you run `dgit push' it will want to use your pgp key to sign not
> only the .dsc and the .changes but also a couple of git tags.
>
> It will then use your ssh private key to ssh to the dgit git server,
> which knows the ssh public keys of DDs. (The public key list is the
> same as used for DD access to porterboxes, DD-only servers, etc.)
> (The ssh key check is mostly there to defend the repo from DoS type
> attacks; the primary permission check is done by verifying the pgp
> signature on the tag.)
In our case I will definitely use `dgit push-source', but in case of NEW
I am a bit worried about automatic signed tags.
What if my package foo_1.2.3-1 get rejected? I will need to make changes
and re-upload, but I already have `debian/1.2.3-1' tag, published. How
would I amend situation?
More information about the Debian-init-diversity
mailing list