On 10. 11. 22 14:24, Panu Matilainen wrote:
On 11/10/22 15:05, Miro Hrončok wrote:
> Hello Panu, Copr folks,
>
> In
https://copr.fedorainfracloud.org/coprs/ksurma/docutils-0.19/build/5030501/
>
> We see:
>
> Error: Transaction test error:
> package python3-pytest-7.1.3-1.fc38.noarch does not verify: Header RSA
> signature: BAD (package tag 268: invalid OpenPGP signature)
> package python3-docutils-0.19-1.fc38.noarch does not verify: Header RSA
> signature: BAD (package tag 268: invalid OpenPGP signature)
>
> Those are packages built in the copr.
>
Okay, AFAICS those would be
https://download.copr.fedorainfracloud.org/results/ksurma/docutils-0.19/f...
and
https://download.copr.fedorainfracloud.org/results/ksurma/docutils-0.19/f...
They are not the usual SHA1 case, both are RSA/SHA256 signed so this looks like
an actual bug. Please report on bugzilla so it gets properly tracked and we
have a place to direct people to.