> > > > fedora-installkey (install a key from keyserver into the fedora rpm > > keyring) > > This would be a really good idea! Have you manage to be able to script > the removal of all signatures from that key though, so you can export a > keyfile that wont cause rpm to be b0rked? I have signature removal scripted. However it isn't working. Removing all uid's and all signatures doesn't seem to work correctly, and I haven't been able to strip a key by hand successfully, so I'm stuck. I'd appreciate some help :) > > > fedora-qastart (download srpms+md5sums from bugzilla, verify them, > > verify sources using spectool, output prelimary qa checklist) > > fedora-qatemplate (create a qa template to paste fedora-qatest input > > into, gpg sign it, maybe submit it to bugzilla eventually too) > > > > This would be tough, because there is currently no one standard way of > putting it into bugzilla. Some people use the URL field, while others > post a link to it in the comments, while others (unhappily) never update > that link with package updates and I have to go fishing for it... I'm somewhat successfully downloading stuff from bugzilla. I just download the bugzilla page source, and look for "http://.*\.src\.rpm"; and "http://$1.*md5.*";. For the stuff I've tried, it works well. This way it only catches clickable links. If we want it to catch url field entries as well, it wouldn't be a difficult change. I'm sure there are some entries that will confuse it, but they could be coded around. I'd say we should just make a format that we expect .src.rpm and md5sum announcements in, and ask people to conform to that. I think quick and effective QA will be sufficient incentive. The stuff I have is available at http://www.ilsw.com/~erik/ if anyone is interested. --erik
