On 31.01.2018 01:11, Ansgar Burchardt wrote: > I'm not sure if buildds are already configured to upload to the security > archive via ssh as they do for the main archive. It might be a good > idea to do so.
What's the requirement here? I think traditionally we use machine-local SSH authorized_keys for role accounts. So we already provision keys to every buildd that allows it to talk to wanna-build, but I'm not sure how we'd maintain that with another host. Especially one that presumably can be repointed? Maybe this is more of a question for DSA, but I don't know what the current setup entails and if you wrote your own SSH daemon for uploads. In that case we should be able to figure something out. Alternatively I suppose DSA could also provide something through stunnel, but then I think we'd be back to encrypted FTP. Kind regards and thanks Philipp Kern
