Random thoughts/crazy idea: Drop SSL certs
Pierre-Yves Chibon
pingou at pingoured.fr
Mon Apr 27 17:12:51 UTC 2015
On Mon, Apr 27, 2015 at 10:21:57AM -0400, Colin Walters wrote:
> On Mon, Apr 27, 2015, at 09:45 AM, Pierre-Yves Chibon wrote:
> >
> > This has lead me to the question: Is this all what SSL certs are bringing us?
>
> I think the ability to do a commit should be thought of as equivalent to the ability
> to do a build - because anyone who can commit something to a package will
> cause it to be implicitly included in the build that another person does
>
> That implies build access should be gated by SSH key, not by API token or
> SSL certificate. (Or alternatively the commit authentication method changed
> to match whatever is chosen for build)
But we allow new-comers to make scratch-build on koji before they are in the
packager group. Giving them the opportunity to test their build in real
condition.
Using ssh could also become problematic for application like koschei no?
Pierre
More information about the rel-eng
mailing list