- Package:
- devscripts
- Source:
- devscripts
- Description:
- scripts to make the life of a Debian Package maintainer easier
- Submitter:
- Paul Wise
- Date:
- 2019-09-24 10:18:04 UTC
- Severity:
- wishlist
Please add a new script for contributors to do self-service give-backs from the command-line, perhaps something like this: wanna-build-sso gb --packages foo bar baz --architectures amd64 i386 --suites unstable experimental Here is a copy of the announcement and blog post for your reference: https://lists.debian.org/msgid-search/8b000c23ac2defbfeea7d5a0bc28ec2e3df55baa.camel@debian.org Self-service buildd givebacks ----------------------------- Philipp Kern has created[1] an *experimental* service that allows Debian members to perform self-service retries of failed package builds (aka give-backs). This service aims to reduce the time it takes for give-back requests to be processed, which was done manually by the wanna-build admins until now. The service is authenticated using the Debian Single Signon[2] service. Debian members are still expected to act responsibly when looking at build failures; do your due diligence and try reproducing the issue on a porterbox first. Access to this service is logged and logs will be audited by the admins.
user devscripts@packages.debian.org usertags 940930 new tags 940930 moreinfo thanks For the log, there is already one tool that uses SSO to authenticate, namely `nmcli`, used by FD, DAM, etc to query stuff on nm.d.o. Also, I wrote a thing (incompleted) to be able to schedule builds on tests.reproducible-builds.org, also using SSO client certificates. But, the future of SSO is currently uncertain, I prefer if the Debian SSO would first finish their thing, and assure me that client certificates will stay, as it's currenly not at all clear. I don't want to include a tool in devscripts, that may already start failing in 1 or 2 years. Till then, I consider this request stalled with "moreinfo".
I guess that depends entirely on when browsers delete their support for client certificates. They've been breaking them more and more over time.
Haven't both chromium and firefox already dropped it? At least chromium did it more than a year ago, but it's quite easy to issue a new cert by using openssl manually.
I don't know about Chromium but I can still login to Debian services using client certificates in Firefox.
*Using* the certs still works everywhere and I suspect it will for a very long time, given how many institutions use them. What is being removed is the part producing the certs.
Given how they intentionally make support for them worse over time and don't improve the terrible UI situation, it seems very likely they are going to work towards removing them from browsers completely. I'm tempted to file an issue proposing a removal timeline myself just so that there is a decision about whether to support or remove them.