Bileto PPA upload rejections are lost to the ether

Bug #1633608 reported by Robert Bruce Park on 2016-10-14
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Bileto
Undecided
Robert Bruce Park
Launchpad itself
High
Colin Watson

Bug Description

When bileto uploads a package to a PPA, if the upload is rejected, the only rejection is mailed to the bileto bot email address, which is unmonitored.

It would be nice if the email could instead be sent to the email address listed in debian/changelog, which bileto sets to the SSO email address of the person who ran the job, eg, the person who triggered the upload.

I understand that in the general case you wouldn't want to send mails to that address for many reasons (it can be trivially spoofed, people upload other people's packages all the time, etc). So it would be Really Nice (TM) if there could be a short whitelist of bot gpg keys for which the rejection mails are sent not to the address on the gpg key or the lp account of the gpg key but instead the address written by the bot into debian/changelog.

Thanks!

Related branches

Colin Watson (cjwatson) wrote :

A whitelist of GPG keys is only one way to solve your problem, and I think it's probably not the best one.

We already change behaviour based on whether the archive is a primary archive or not. One possibility would be to notify Maintainer+Changed-By in the case of devirtualised archives, since those are already treated as quasi-primary in other cases, although this would admittedly be a hack.

What I'd really prefer, though, is a way to encapsulate the notion that the bot is acting on behalf of somebody else, which is not information that is currently communicated via the .changes. It would be within bileto's power to pass something like --changes-option=-DLaunchpad-Notify-Changed-By=yes (just an example, don't implement this yet!), and for Launchpad to notify the address in Changed-By (which typically comes from the changelog) if it finds that field in the .changes file. How would that suit you? I think it's reasonably elegant and it wouldn't in general cause backscatter when naïve users upload unmodified versions of packages to their PPAs, which is the main reason we don't notify Changed-By today.

Robert Bruce Park (robru) wrote :

I'm open to stamping flags in the packaging, sure.

Colin Watson (cjwatson) on 2016-10-16
Changed in launchpad:
assignee: nobody → Colin Watson (cjwatson)
importance: Undecided → High
status: New → In Progress
Colin Watson (cjwatson) wrote :

I've opened a bileto task since it will need to add the appropriate field to .changes. Please don't do this until the Launchpad task reaches "Fix Committed", though, since the details may change before then.

Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Robert Bruce Park (robru) wrote :

Alright, what's the plan here? I need to add "--changes-option=-DLaunchpad-Notify-Changed-By=yes" to my dpkg-buildpackage invocation?

Colin Watson (cjwatson) wrote :

Yes, exactly that. I've tested that approach on dogfood and it produces correct results.

tags: added: qa-ok
removed: qa-needstesting
Changed in bileto:
status: New → Fix Released
assignee: nobody → Robert Bruce Park (robru)
Colin Watson (cjwatson) on 2016-11-09
Changed in launchpad:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers