Comment 7 for bug 2012516

Colin Watson (cjwatson) wrote :

@xnox: This sort of thing probably isn't impossible, but it would require great care to avoid information leaks, because Launchpad mustn't give access to private resources as part of CI jobs that the people who own the repository couldn't get in some other way. This gets difficult to analyse when the owner is a team: what if some members of the team have access to a private resource and some don't? What if their access changes between the time the CI job was set up and the time that it runs? We've had similar problems elsewhere in the past. It's not easy to see how all the edge cases here would work, and unfortunately getting privacy right is all about the edge cases.

The usual practice in Launchpad is that the owner of the distribution/project that contains private resources is able to see who has access to them, and withdraw access if they need to (on the +sharing page). That isn't necessarily incompatible with what you're suggesting, but it does require quite a bit of thought.

In the shorter term, I'm much more comfortable with having a way to manage a generic secret dictionary of tokens that are passed through to the build, leaving the issuing of those tokens up to whoever's setting up the CI job, than I am with having Launchpad automatically issue the tokens itself. We do already have mechanisms for issuing reasonably-suitable tokens for both git repositories and PPAs.