Opened 4 months ago

#34371 new task

make a real debian archive

Reported by: anarcat Owned by: tpa
Priority: Low Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Major Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I often have trouble uploading packages following our procedure here:

For example, just now I have stumbled upon this:

Failed to upload userdir-ldap-cgi_0.3.43~x.tpo.8.dsc to scp: /srv/ Permission denied

That was because there was already a .8.dsc file from a previous ("UNRELEASED") upload. (I feel it was a mistake to upload such a package in the first place, but that's besides the point: this is only one of many ways this procedure can fail on upload.)

The archive also manually handles OpenPGP certifications and rotations, which is sub-optimal, to say the least, from a security perspective.

Instead, we should use well-known software like reprepro or else to manage the repository, with a proper "incoming" queue.

Child Tickets

Change History (0)

Note: See TracTickets for help on using tickets.