canonical-ci-engineering team mailing list archive

[Evan Dandrea <evan.dandrea@xxxxxxxxxxxxx>]

Are we making sure that submission does not require a token? I would
think that just updating metadata or cancelling tickets requires auth,
no?

I ask because this would be a divergence from dput, where all you need
is a signed package to make a successful submission (bogus submissions
can be dumped asynchronously server-side). I'm assuming we can prevent
spoofing by checking that the provided signature is from the key for
the user specified in LP.

Does implementing the frontend submission service make any of this easier?

https://app.asana.com/0/14737058697498/