New package gpg signature acceptance test (was Latest FC13 kernel rejected as unsigned)

Bill Nottingham notting at
Fri Apr 9 19:26:54 UTC 2010

James Laska (jlaska at said: 
> > The process flow is:
> > 
> > 1. package is built in koji
> > <any delay from maintainer>
> > 2. update is submitted in bodhi
> > <delay until next push>
> > 3. package is signed
> > <then nearly instantaneously>
> > 4. package is pushed
> When you say "package is pushed", do you mean pushed to the requested
> repo (updates vs updates-testing)?


> From a user-perspective, having to use --skip-broken seems just as bad
> as using --nogpgcheck.  But if I understand correctly, given the
> workflow above we don't have a mechanism to enforce this in the QA
> space?

We can enforce it in the mash configuration that's used by bodhi and/or
the branched compose process.


More information about the test mailing list