Sources published in a private ppa are downloadable by any subscriber
Bug #919241 reported by
Dustin Kirkland
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Triaged
|
Low
|
Unassigned |
Bug Description
We have a commercial Launchpad license, with which we are using private PPAs to build binary packages.
However, part of our code is proprietary (sorry, but that's how it goes).
We love using Launchpad for building our binary packages, but unfortunately we're not able to do so for our proprietary bits because Launchpad publishes the sources along with the binaries.
What we really, really need is an option in each Private PPA configuration that would allow the PPA owner to "disable" publishing the resulting source packages.
Thanks!
:-Dustin
summary: |
- provide an option to no publish sources in a private ppa + Sources published in a private ppa are downloadable by any subscriber |
Changed in launchpad: | |
status: | New → Triaged |
importance: | Undecided → High |
Changed in launchpad: | |
status: | Triaged → Fix Released |
Changed in launchpad: | |
status: | Fix Released → Triaged |
To post a comment you must log in.
This is how I would implement this:
* Add a publish_sources BOOL on the Archive table (this needs a release to production before more code can be written)
* Add that to model/interface code
* Add the new field to the +edit form in the browser code but make sure it can only be changed by private PPAs using field validators.
These are small changes and at this point you will be able to edit and save the flag. Optionall you can add an API method for it but I'd not bother for now.
* Split Distribution. getPendingPubli cationPPAs( ) into two sub-methods that return the sources and binaries separately. soyuz/scripts/ publishdistro. py, it can be changed to pull in pending binaries and then optionally UNION with the pending sources depending on the archive's publish_sources flag.
* Fix test breakage that calls this method.
* The method is called from lib/lp/
* Add tests for this scenario.
This way you'll have PENDING sources forever if the flag is not set, but it reflects reality and I prefer that. You can also get the sources published if the flag is re-set.
My only question is around domination. Perhaps William can comment on this approach.