LEP/ActivatingDevelopmentFromDesktop

Not logged in - Log In / Register

Activating Development from the Desktop

As a opportunistic Ubuntu developer
I want to quickly get set up to upload packages and share branches
so that make cool stuff for Ubuntu

Opportunistic development tools like Quickly need to be able to help people who are not already set up for Ubuntu development by giving them a Launchpad account to which they can push branches and upload packages. This means generating and uploading an SSH key, a GPG key, signing the code of conduct and creating a PPA.

Rationale

Canonical wants to see people making cool new applications and delivering them as quickly as possible to Ubuntu desktop users. Launchpad is a fundamentally important part of that, since it's the mechanism by which developers share code with other developers and packages with their users.

This helps people who are not yet Launchpad users become Launchpad users in a very convenient way.

Stakeholders

Constraints and Requirements

Must

Must not

Security constraints

Subfeatures

Other LaunchpadEnhancementProposals that form a part of this one.

Workflows

Set up a fresh user for Ubuntu development (happy case)

From a desktop client, like Quickly, a user with a brand new Launchpad account can be set up for a PPA:

  1. Quickly generates an SSH key pair
  2. Quickly registers the public SSH key against that user with Launchpad
  3. Launchpad pops up the OAuth dialog, confirming that the user allows this level of access
  4. The user indicates agreement (probably by clicking "Change anything")
  5. Launchpad registers that SSH key, then emails the user (see below)
  6. Quickly generates a GPG key pair if it cannot find one for the user
  7. Quickly registers the public GPG key against that user with Launchpad
  8. Launchpad registers that GPG key, then emails the user (see below)
  9. Quickly displays the code of conduct to the user and asks them whether they agree to it
  10. If they do, Quickly signs the code of conduct with the user's newly-made GPG key, then posts the signed code of conduct to Launchpad
  11. Launchpad registers that the user has signed the code of conduct and emails the user (see below)
  12. Quickly creates a PPA for the user over the Launchpad API
  13. Quickly displays to the user their PPA URL and details about their new GPG key and SSH key, and tells the user how they can push branches and upload to their PPA.

New SSH key email

Hello Didier Roche,

Launchpad has just added a new SSH key to your account:
  $SSH_KEY_DETAILS

This key was added by you using (the Launchpad web site|$APPLICATION_NAME).

If you did _not_ add this key, or it was added by mistake, remove it now by clicking:
  $SSH_KEY_REMOVAL_URL

Otherwise, you do not need to take any action.

Now that your key is registered, you can use it to:
 * push branches to Launchpad
 * upload packages via SFTP to archive.launchpad.net

For more information, see https://help.launchpad.net/SSHKey.

Love,
Launchpad

Salient points:

Success

We will measure how well we've done by:

References

Thoughts?

Security risk

GPG and SSH keys are used to authenticate users for specific services. There is a big risk with allowing applications other than the website create new channels of authentication. Specifically, an application can, once trusted, create as many SSH keys and GPG keys as it likes, and then send the private keys to a malicious person. This malicious person can then use those keys to assume the identity of their victims, at least wrt sending emails, pushing branches and uploading packages.

This risk can be mitigated in two ways:

  1. Inform users via a reliable channel whenever new authentication methods are added to their account, thus giving them the opportunity to revoke those methods or to investigate the threat.
  2. Provide a new level of access control to the webservice that allows applications to add new authentication methods. Users would have to specifically grant such privileges to an application that needs them.

These options are complementary, not exclusive.

If we are going to send such an email, we should send it to the oldest, most-trusted address.

LEP/ActivatingDevelopmentFromDesktop (last edited 2010-09-16 10:40:17 by jml)