Hi Vasyl, On 22-01-2023 22:33, Vasyl Gello wrote:
Assuming I would like to test the package interacting with some proprietary third-party service on the web (like Kodi PVR addon), is there any mechanism protecting of account details so that autopkgtest machines can read them while outside world can not. Docker / podman / GitHub / GitLab all have the "secrets" command for exactly that purpose.I think adding the common GPG key for Debian autopkgtest infrastructureand exposing only the public key part of it to the public access (so everyone can encrypt the account details for autopkgtest but not decrypt them) is worththe efforts. What do you think?
If I understand the proposal correctly, it's both src:debci (to manage the key) and src:autopkgtest (to use it) that would need to grow support for this. I'm personally not going to work on this any time soon, but I'm pretty sure we'll accept reasonable patches.
Paul
OpenPGP_signature
Description: OpenPGP digital signature
