New package gpg signature acceptance test (was Latest FC13 kernel rejected as unsigned)

James Laska jlaska at
Fri Apr 9 12:55:35 UTC 2010

On Fri, 2010-04-09 at 08:38 -0400, Bill Davidsen wrote:
> The rpm kernel- downloaded, then it 
> looks as if it created an rpm by applying the delta and decided the rpm wasn't 
> signed? And there's also an rpm kernel-, which I 
> assume is the rpm created by the delta.
> Is this some download error, or is there another problem with unsigned packages 
> getting into the repos? I did repeat the download, same CRC...

Seems worthy to add a package acceptance criteria to the Package Update
Acceptance Criteria [1] similar to the following:

      * Packages must be signed with a valid Fedora GPG signature

I guess one could argue that the existing criteria "Packages must be
able to install cleanly" would include valid signatures.  But it doesn't
hurt to be specific here.  



-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : 

More information about the test mailing list