I put my comment on the last bug via email before I noticed it had morphed into a different problem. So I'll repeat here:
buildd_secret is entirely internal and should never, ever be exposed anywhere. There is code to auto-generate it via the UI and this should be duplicated in the API call.
I put my comment on the last bug via email before I noticed it had morphed into a different problem. So I'll repeat here:
buildd_secret is entirely internal and should never, ever be exposed anywhere. There is code to auto-generate it via the UI and this should be duplicated in the API call.