[Mageia-dev] Problem with missing signatures
pterjan at gmail.com
Sat Dec 29 20:11:36 CET 2012
On Sat, Dec 29, 2012 at 6:49 PM, Kamil Rytarowski <n54 at gmx.com> wrote:
> Could we add a trigger to prevent unsigned packages from being uploaded?
> I've faced again bunch of unsigned packages.. and when I was trying to
> rebuild plexus-i18n against missing signature, with bumping the release -
> the build system said it's already built with that version .
> How is it possible? I have checked the history of this package.. and it was
> never released as the version in the build system.
> Am I missing something? Was there an attack and a package injection?
It seems someone manually uploaded the package on December 1st, after
building it on a machine named karamel, this seems to be dmorgan's
More information about the Mageia-dev