Enable s390x for 'juju' snaps

Asked by Nicholas Skaggs

I'd like to have s390x builds available for the juju snap. It currently employs two launchpad builders;

https://launchpad.net/~jujuisquality/+snap/juju-beta

and

https://launchpad.net/~jujuisquality/+snap/juju

As with our official ppa's, we'd like to ensure we are providing an s390x snap as well.

Question information

Language:
English Edit question
Status:
Expired
For:
Launchpad itself Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Colin Watson (cjwatson) said :
#1

Can you tell us who has access to the ~jujuisquality account? Since it's not a team, and the comment on the SSH key refers to somebody no longer employed by Canonical, it's not entirely clear.

Revision history for this message
Nicholas Skaggs (nskaggs) said :
#2

I've made the account a member of https://launchpad.net/~juju-packaging. The credentials are shared amongst the team like other bots. Those who have access to our private repo could see these credentials. I'm happy to discuss further lockdowns as needed.

Revision history for this message
Colin Watson (cjwatson) said :
#3

Whether it's a member of another team is immaterial. The important thing is to ensure that no non-Canonical employees will ever have access to its credentials. The reason for this is that there's no good sandboxing on s390x builders at present, so any leaks could allow people to silently compromise future Ubuntu builds.

I can't see the repository in question, so I can't tell whether it's private to Canonical, or private to a group that includes Canonical employees and others.

I'd also recommend not putting credentials into a distributed repository, even if it's private. Doing so makes it much easier for them to leak accidentally, possibly without people realising (consider if somebody's laptop is stolen: they'll probably change their own password, but not necessarily think of credentials present in repositories they had checked out). Could you change the credentials to ones that are managed more securely than that?

Revision history for this message
Launchpad Janitor (janitor) said :
#4

This question was expired because it remained in the 'Needs information' state without activity for the last 15 days.