From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <mjw@gnu.org>
Received: from eggs.gnu.org (eggs.gnu.org [209.51.188.92])
 by sourceware.org (Postfix) with ESMTPS id 084233851C27
 for <libc-alpha@sourceware.org>; Fri,  1 Jul 2022 11:05:21 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 084233851C27
Received: from fencepost.gnu.org ([2001:470:142:3::e]:60190)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjw@gnu.org>)
 id 1o7ERv-00076V-LN; Fri, 01 Jul 2022 07:05:01 -0400
Received: from 83-87-18-245.cable.dynamic.v4.ziggo.nl ([83.87.18.245]:51240
 helo=tarox.wildebeest.org)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mjw@gnu.org>)
 id 1o7ERm-0006qj-1d; Fri, 01 Jul 2022 07:04:27 -0400
Received: by tarox.wildebeest.org (Postfix, from userid 1000)
 id 625BF4000C41; Fri,  1 Jul 2022 13:04:23 +0200 (CEST)
Message-ID: <fe5320375e77e119356761371f5e544e8a914146.camel@gnu.org>
Subject: Re: patchwork upgrade week
From: Mark Wielaard <mjw@gnu.org>
To: DJ Delorie <dj@redhat.com>
Cc: siddhesh@gotplt.org, libc-alpha@sourceware.org, carlos@redhat.com
Date: Fri, 01 Jul 2022 13:04:23 +0200
In-Reply-To: <xnilomja06.fsf@greed.delorie.com>
References: <xnilomja06.fsf@greed.delorie.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Evolution 3.28.5 (3.28.5-10.el7) 
Mime-Version: 1.0
X-Spam-Status: No, score=-3.8 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, SPF_HELO_PASS, SPF_PASS,
 TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jul 2022 11:05:22 -0000

Hi DJ,

On Mon, 2022-06-27 at 13:23 -0400, DJ Delorie wrote:
> Mark Wielaard <mjw@gnu.org> writes:
> > If not, how else can we authenticate a patch as "OK to let the
> > buildbot do a try build?"
>=20
> The method we're using to add this type of authentication is GPG-
> signed
> emails.  I.e. an authorized user would reply to the patch email, in the
> reply give a command to their runners, and sign the command.  The system
> would authenticate the signature and authorize the runners to act as
> instructed.  Example:
> [...]
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>=20
> %cicd buildbot expensive-hosts . . .
> -----BEGIN PGP SIGNATURE-----
> . . .
> -----END PGP SIGNATURE-----
>=20
> Each runner decides whose commands they honor, and which, and how.  The
> curator manages the authentication, so only one keyring is needed.

OK, so in this case the runner would be the buildbot builders and they
would simply trust that the curator did the authentication. Is the
authentication status part of the event that the trybot receives?

Thanks,

Mark