Discussion:
Bug#736859: dput: Please set the default transport to use ssh-upload
(too old to reply)
Micah Anderson
2014-01-27 19:50:01 UTC
Permalink
Package: dput
Version: 0.9.6.4
Severity: normal

It would be nice if ssh-upload were the default transport for uploading files in debian. Is there a particular reason why it isn't set as the default now?

thanks,
micah

-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages dput depends on:
ii gnupg 1.4.16-1
ii python 2.7.5-5

dput recommends no packages.

Versions of packages dput suggests:
ii lintian 2.5.21
pn mini-dinstall <none>
ii openssh-client 1:6.4p1-2
ii rsync 3.1.0-2

-- Configuration Files:
/etc/dput.cf changed [not included]

-- no debconf information
--
To UNSUBSCRIBE, email to debian-bugs-dist-***@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact ***@lists.debian.org
Daniel Kahn Gillmor
2018-11-27 15:30:01 UTC
Permalink
Post by Micah Anderson
It would be nice if ssh-upload were the default transport for
uploading files in debian. Is there a particular reason why it isn't
set as the default now?
While ssh-upload is clearly better than FTP and I would like to see it
1. Only Debian Developers can use it, as DM do not have an account;
We surely have ssh keys for most DMs these days, via gitlab,
monkeysphere, or some other mechanism. Maybe we could we grant those
DMs access?

Alternately, can we provide anonymous ssh access to ssh-upload and just
be done with the whole FTP mess once and for all? it's 2018, and far
too much of the Internet is actively hostile to cleartext traffic.

Even OpenBSD's CVS server uses anonymous ssh for access these days:

https://www.openbsd.org/anoncvs.html
2. It does not support the DELAYED queue.
If it doesn't support the DELAYED queue, that should be fixed. is there
a reason that DELAYED isn't available via ssh-upload?

--dkg
Ben Finney
2019-02-10 07:50:01 UTC
Permalink
Control: tags -1 + moreinfo
Post by Daniel Kahn Gillmor
We surely have ssh keys for most DMs these days, via gitlab,
monkeysphere, or some other mechanism. Maybe we could we grant those
DMs access?
If I understand this suggestion, it seems out of scope for this bug
report. Would you re-post that suggestion for discussion where it
might result in action?
Post by Daniel Kahn Gillmor
2. It does not support the DELAYED queue.
If it doesn't support the DELAYED queue, that should be fixed. is
there a reason that DELAYED isn't available via ssh-upload?
I don't know; Paride, is this problem already reported in some bug
report? Which one?
--
\ “I must say that I find television very educational. The minute |
`\ somebody turns it on, I go to the library and read a book.” |
_o__) —Groucho Marx |
Ben Finney <***@debian.org>
Daniel Kahn Gillmor
2019-02-11 15:40:01 UTC
Permalink
Control: clone 736859 -2
Control: retitle -2 ftp.debian.org
Control: severity -2 wishlist
Control: retitle -2 Please grant DMs sftp/scpb access to ssh.upload.debian.org
Post by Ben Finney
Post by Daniel Kahn Gillmor
Post by Micah Anderson
It would be nice if ssh-upload were the default transport for
uploading files in debian. Is there a particular reason why it isn't
set as the default now?
While ssh-upload is clearly better than FTP and I would like to see it
1. Only Debian Developers can use it, as DM do not have an account;
We surely have ssh keys for most DMs these days, via gitlab,
monkeysphere, or some other mechanism. Maybe we could we grant those
DMs access?
If I understand this suggestion, it seems out of scope for this bug
report. Would you re-post that suggestion for discussion where it
might result in action?
The default dupload target for debian is described this way in
/etc/dupload.conf:

$cfg{'ftp-master'} = {
fqdn => 'ssh.upload.debian.org',
method => 'scpb',
incoming => '/srv/upload.debian.org/UploadQueue/',
distblacklist => qr/^(?:UNRELEASED|.*-security$)/,
# Files pass on to dinstall on ftp-master which sends emails itself.
dinstall_runs => 1,
};

According to Paride above, DMs cannot use this useful queue because
debian doesn't know about their ssh keys.

Please enable scpb access to ssh.upload.debian.org for Debian
Maintainers based on ssh keys that we know about for them -- either by
pulling them from salsa, from monkeysphere, or some other mechanism.

Thanks for maintaining the debian upload queues!

--dkg
Daniel Kahn Gillmor
2019-02-11 15:40:01 UTC
Permalink
Post by Daniel Kahn Gillmor
The default dupload target for debian is described this way in
$cfg{'ftp-master'} = {
fqdn => 'ssh.upload.debian.org',
method => 'scpb',
incoming => '/srv/upload.debian.org/UploadQueue/',
distblacklist => qr/^(?:UNRELEASED|.*-security$)/,
# Files pass on to dinstall on ftp-master which sends emails itself.
dinstall_runs => 1,
};
it also says:

# ----------------
# Global variables
# ----------------

# The host to use if no --to option is used.
our $default_host;

my $vendor = get_current_vendor();
if ($vendor eq 'Debian') {
$default_host = 'ftp-master';
} elsif ($vendor eq 'Ubuntu') {
$default_host = 'ubuntu';
}

So perhaps this bug report can be closed, since ssh.upload.debian.org
does appear to be the default target for dupload today? i don't know
when that changed.

Micah, can you verify that the defaults are fixed properly?

--dkg
micah anderson
2019-02-13 17:20:02 UTC
Permalink
Post by Daniel Kahn Gillmor
Post by Daniel Kahn Gillmor
The default dupload target for debian is described this way in
If I install dput, I do not have an /etc/dupload.conf, and rather I see
this in /etc/dput.conf:

[DEFAULT]
login = *
method = ftp
hash = md5

...

[ftp-master]
fqdn = ftp.upload.debian.org
incoming = /pub/UploadQueue/
login = anonymous
allow_dcut = 1
method = ftp

...

That seems like it is using ftp as default to me.
Post by Daniel Kahn Gillmor
So perhaps this bug report can be closed, since ssh.upload.debian.org
does appear to be the default target for dupload today? i don't know
when that changed.
That may be true about dupload, but dupload is a different package, and
this was about dput.
--
micah
Daniel Kahn Gillmor
2019-02-14 13:10:01 UTC
Permalink
Control: clone 736859 -2
Control: retitle -2 dput-ng: Please set the default transport to use ssh-upload
Post by micah anderson
Post by Daniel Kahn Gillmor
So perhaps this bug report can be closed, since ssh.upload.debian.org
does appear to be the default target for dupload today? i don't know
when that changed.
That may be true about dupload, but dupload is a different package, and
this was about dput.
Sorry for the distraction about dupload! You're clearly right that dput
is a separate package, i don't know what i was thinking.

I note that dput-ng also appears to default to FTP-based upload, since
/etc/dput.d/profiles/ftp-master.json has: "default_host_main":
"ftp-master" (so i'm cloning this bug over there to recommend that
dput-ng also default to ssh.upload.d.o)

but the fact that dupload defaults to ssh.upload is promising, and
suggests that it's not the end of the world for a comparable tool to use
a sensible default.

Could the dput or dput-ng maintainers weigh in on what is needed to make
this change?

--dkg
Ben Finney
2020-01-14 02:40:01 UTC
Permalink
Control: reassign -1 dput-ng
Post by Daniel Kahn Gillmor
Control: clone 736859 -2
Control: retitle -2 dput-ng: Please set the default transport to use ssh-upload
--
\ “The basic fact about human existence is not that it is a |
`\ tragedy, but that it is a bore.” —Henry L. Mencken |
_o__) |
Ben Finney <***@debian.org>
Mattia Rizzolo
2020-01-14 10:40:02 UTC
Permalink
Post by Daniel Kahn Gillmor
Could the dput or dput-ng maintainers weigh in on what is needed to make
this change?
As the de-facto dput-ng maintainer, I won't do that until DMs can use
it.

I've talked with enrico multiple times about getting Debian accounts for
all DMs as well, but we never managed to get DSA down to a table and
figure their requirements (so you can get an idea, the fact that nm.d.o
asks for an username even when applying for DM when there is no need for
it, it's was a tentative step in that direction).
--
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
micah anderson
2020-01-14 14:40:01 UTC
Permalink
Post by Daniel Kahn Gillmor
Could the dput or dput-ng maintainers weigh in on what is needed to make
this change?
As the de-facto dput-ng maintainer, I won't do that until DMs can use
it.
I think it is a good goal to get DMs to be able to use it, but what is
the reason to keep DDs from using it until DMs can?

thanks!
--
micah
Mattia Rizzolo
2020-01-14 15:10:01 UTC
Permalink
Post by micah anderson
I think it is a good goal to get DMs to be able to use it, but what is
the reason to keep DDs from using it until DMs can?
DDs are very free to change the default in their configuration if they
wish so that much
 I believe all uploading tools let they do that.
--
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
Ben Finney
2019-02-10 07:40:02 UTC
Permalink
Control: severity -1 wishlist
Control: outlook -1 0
Control: tags -1 + moreinfo

The Debian infrastructure support for SSH upload may not be good
enough to be the default transport for this tool.
While ssh-upload is clearly better than FTP and I would like to see
it as the default upload method too, it still has two important
1. Only Debian Developers can use it, as DM do not have an account;
2. It does not support the DELAYED queue.
--
\ “I was trying to daydream, but my mind kept wandering.” —Steven |
`\ Wright |
_o__) |
Ben Finney <***@debian.org>
Francesco Poli
2019-03-03 16:40:01 UTC
Permalink
On Sun, 10 Feb 2019 18:35:09 +1100 Ben Finney <***@debian.org> wrote:
[...]
Post by Ben Finney
The Debian infrastructure support for SSH upload may not be good
enough to be the default transport for this tool.
While ssh-upload is clearly better than FTP and I would like to see
it as the default upload method too, it still has two important
1. Only Debian Developers can use it, as DM do not have an account;
2. It does not support the DELAYED queue.
I have a question: which are the upload methods currently supported by
ftp.upload.debian.org (or by ftp.eu.upload.debian.org)?

Can https be used by DMs?
Can this be made as the new default?


It may look like a stupid question, but I honestly failed to find the
answer by searching myself (on the web and/or in Debian
documentation)... :-(
--
http://www.inventati.org/frx/
There's not a second to spare! To the laboratory!
..................................................... Francesco Poli .
GnuPG key fpr == CA01 1147 9CD2 EFDF FB82 3925 3E1C 27E1 1F69 BFFE
Mattia Rizzolo
2020-01-14 10:40:02 UTC
Permalink
Post by Daniel Kahn Gillmor
Could the dput or dput-ng maintainers weigh in on what is needed to make
this change?
As the de-facto dput-ng maintainer, I won't do that until DMs can use
it.
Oh, and BTW, the delayed queue works over SSH since the upload host
became usper.debian.org last year or so. :)
--
regards,
Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`.
More about me: https://mapreri.org : :' :
Launchpad user: https://launchpad.net/~mapreri `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
Loading...