We regularly upload packages w/o signatures (last time: bug #5499). It would be nice to send a mail on upload if a package lacks a signature.
Bug 4925 suggests rejecting unsigned RPMs.
*** This bug has been marked as a duplicate of bug 4925 ***
Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED
That's not the same issue. The two bug reports are orthogonal: fixing the issue and warning about it (since it kept re-happening)
Status: RESOLVED => REOPENED
Resolution: DUPLICATE => (none)
CC: (none) => hhielscher
(In reply to Thierry Vignaud from comment #0)
> We regularly upload packages w/o signatures (last time: bug #5499).
> It would be nice to send a mail on upload if a package lacks a signature.

Where do you want the mail to be sent to?
CC: (none) => marja11
The uploader + the dev ml (or the sysadm list or both lists)
This could be as simple as a cron job like this that runs every 4 hours:

    find /distrib/{bootstrap,mirror}/ -xdev -name '*.rpm' -mmin -360 -print0 |
      xargs -0 -P20 --no-run-if-empty rpm -K |
      grep -v ' digests signatures OK$'

That could raise some false positives (checking partial files), if files are copied instead of being atomically moved into /distrib/bootstrap/ (I'm not sure which is being done).
CC: (none) => dan
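
Added example, not part of the thread or of the project's own tooling: a variant of the cron check above that labels why each package was flagged and skips files modified in the last few minutes, to reduce the partial-file false positives the comment mentions. The function names, the 5-minute quiet period, the reading of a bare "digests OK" result as unsigned, and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report recently uploaded RPMs that lack a valid signature.

# Constructed sample of `rpm -K` output (paths are made up for illustration).
SAMPLE_RPMK='/distrib/mirror/a-1.0-1.x86_64.rpm: digests signatures OK
/distrib/mirror/b-1.0-1.x86_64.rpm: digests OK
/distrib/mirror/c-1.0-1.x86_64.rpm: digests SIGNATURES NOT OK'

# Read `rpm -K` lines on stdin and print "<reason><TAB><path>" for every
# package whose result is not exactly "digests signatures OK".
classify_rpmk() {
    while IFS= read -r line; do
        path=${line%%: *}        # text before the first ": "
        result=${line#*: }       # text after the first ": "
        case "$result" in
            "digests signatures OK") ;;   # signed and verified: stay silent
            "digests OK") printf 'unsigned\t%s\n' "$path" ;;  # assumed unsigned form
            *"NOT OK"*) printf 'failed\t%s\n' "$path" ;;
            *) printf 'unknown\t%s\n' "$path" ;;
        esac
    done
}

# scan_recent WINDOW QUIET DIR...: check RPMs modified within WINDOW minutes
# but untouched for more than QUIET minutes, so in-flight copies are skipped.
scan_recent() {
    window=$1; quiet=$2; shift 2
    find "$@" -xdev -name '*.rpm' -mmin "-$window" -mmin "+$quiet" -print0 |
        xargs -0 -P20 --no-run-if-empty rpm -K | classify_rpmk
}

# Cron mails any output, so print only when something needs attention.
if [ "${1:-}" = "--scan" ]; then
    shift
    scan_recent 360 5 "$@"
fi
```

Run from cron as `script --scan /distrib/bootstrap /distrib/mirror`; a package still being copied when one run fires is picked up by the next run, because the 360-minute window overlaps the 4-hour schedule.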