[Mageia-dev] Problem with missing signatures
Kamil Rytarowski
n54 at gmx.com
Sat Dec 29 19:49:54 CET 2012
Hello!
Could we add a trigger to prevent unsigned packages from being uploaded?
I've faced again bunch of unsigned packages.. and when I was trying to
rebuild plexus-i18n against missing signature, with bumping the release
- the build system said it's already built with that version [1].
How is it possible? I have checked the history of this package.. and it
was never released as the version in the build system.
Am I missing something? Was there an attack and a package injection?
Kamil
[1]
http://svnweb.mageia.org/packages/cauldron/plexus-i18n/current/SPECS/plexus-i18n.spec?r1=268801&r2=335589
More information about the Mageia-dev
mailing list