aptly icon indicating copy to clipboard operation
aptly copied to clipboard

Published 20 hours ago verified publisher icon aptly-dev

API: option to restrict inclusion to .changes files.

Open umlaeute opened this issue 4 years ago • 1 comments

add an option to only allow adding of files via a .changes file.

Detailed Description

currently it is possible to directly add .deb-files to a repo via the API.

however i would like to disallow this, and only allow the user to add (via the API) files that have been properly packaged and come with a (possibly signed) .changes file.

i believe that together with #963, this would allow a more secure upload mechanism that relies on signed packages rather than http-auth via a proxy.

Context

mostly i would like to allow uploading of packages autogenerated on a CI to my private apt repository. i don't really trust http-auth for such a task and would like to be able (additionally?) secure the upload by a mechanism, that is already tried and tested for uploads to "Debian proper".

umlaeute avatar Jul 02 '21 07:07 umlaeute

It is important for us, too.

psztoch avatar Jul 13 '22 14:07 psztoch