Merge ~jugmac00/launchpad:add-security-documentation into launchpad:master
Proposed by
Jürgen Gmach
Status: | Merged |
---|---|
Merge reported by: | Jürgen Gmach |
Merged at revision: | f0c29262ba5e62890467d68b574dc76c8ee5b820 |
Proposed branch: | ~jugmac00/launchpad:add-security-documentation |
Merge into: | launchpad:master |
Diff against target: |
164 lines (+150/-0) 2 files modified
doc/explanation/index.rst (+1/-0) doc/explanation/security.rst (+149/-0) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Colin Watson (community) | Approve | ||
Review via email: mp+447278@code.launchpad.net |
Commit message
Add security documentation
To post a comment you must log in.
I think it would be interesting to say something here about the security of builds, since that's one of the most complex and non-obvious parts of Launchpad's security (after all, we're deliberately executing arbitrary code that can be submitted by anyone with a Launchpad account). https:/ /docs.google. com/document/ d/1im8CMxLRNxtt 5H0zv461kSYSflN -YlxJ1UZG8_ 53D9A is an internal document I wrote up a while back with a lot of this. Not all of it is suitable for being made public (there's a whole section referring to a project that isn't public yet, if nothing else), but perhaps we could start by linking to it and then at least Canonical folks can conveniently see it, and then we can figure out later which bits are OK to put in public documentation.
You could link to https:/ /help.launchpad .net/API/ SigningRequests which has some details about how the OAuth authorization arrangements work for the webservice API.