Comment 1 for bug 1550280

Martin Pitt (pitti) wrote :

This requires some changes to several components:

 - Credentials for the PPA need to be passed as part of the AMQP request, perhaps extending the syntax to "lpuser/ppaname/password". The worker would then generate setup commands to add an apt source with the necessary lpuser@password in the apt archive .
 - Requests containing a password must be disguised on running.shtml; i. e. it is ok to know that there is a test running for a private package, but not expose the test name or parameters. (Similar to what buildds do)
 - Note that this will expose the PPA credentials to operators of the infrastructure, i. e. people with ssh access to the infrastructure (me, Iain Lane, Adam Conrad, Steve Langasek, Stephane Graber)
 - The swift container for the destination PPA must not be public

It is still unclear how to expose the swift results to the right people, as the Launchpad teams are not available/exposed on Openstack credentials. Thus for each PPA we must file an RT to create an Openstack user, hand out that secret to the corresponding team, and change it whenever the team changes.