Bileto PPA upload rejections are lost to the ether
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Bileto |
Fix Released
|
Undecided
|
Robert Bruce Park | ||
Launchpad itself |
Fix Released
|
High
|
Colin Watson |
Bug Description
When bileto uploads a package to a PPA, if the upload is rejected, the only rejection is mailed to the bileto bot email address, which is unmonitored.
It would be nice if the email could instead be sent to the email address listed in debian/changelog, which bileto sets to the SSO email address of the person who ran the job, eg, the person who triggered the upload.
I understand that in the general case you wouldn't want to send mails to that address for many reasons (it can be trivially spoofed, people upload other people's packages all the time, etc). So it would be Really Nice (TM) if there could be a short whitelist of bot gpg keys for which the rejection mails are sent not to the address on the gpg key or the lp account of the gpg key but instead the address written by the bot into debian/changelog.
Thanks!
Related branches
- William Grant: Approve (code)
-
Diff: 146 lines (+70/-2)2 files modifiedlib/lp/soyuz/mail/packageupload.py (+18/-1)
lib/lp/soyuz/mail/tests/test_packageupload.py (+52/-1)
Changed in launchpad: | |
assignee: | nobody → Colin Watson (cjwatson) |
importance: | Undecided → High |
status: | New → In Progress |
Changed in bileto: | |
status: | New → Fix Released |
assignee: | nobody → Robert Bruce Park (robru) |
Changed in launchpad: | |
status: | Fix Committed → Fix Released |
A whitelist of GPG keys is only one way to solve your problem, and I think it's probably not the best one.
We already change behaviour based on whether the archive is a primary archive or not. One possibility would be to notify Maintainer+ Changed- By in the case of devirtualised archives, since those are already treated as quasi-primary in other cases, although this would admittedly be a hack.
What I'd really prefer, though, is a way to encapsulate the notion that the bot is acting on behalf of somebody else, which is not information that is currently communicated via the .changes. It would be within bileto's power to pass something like --changes- option= -DLaunchpad- Notify- Changed- By=yes (just an example, don't implement this yet!), and for Launchpad to notify the address in Changed-By (which typically comes from the changelog) if it finds that field in the .changes file. How would that suit you? I think it's reasonably elegant and it wouldn't in general cause backscatter when naïve users upload unmodified versions of packages to their PPAs, which is the main reason we don't notify Changed-By today.