https://bugzilla.redhat.com/show_bug.cgi?id=1834731 --- Comment #90 from Simone Caronni <negativo17@xxxxxxxxx> --- Any idea how to solve it? - Editing SHA256SUM.asc to remove signatures with revoked keys involves prior manual work and then does not match the one included in the release folder. - Just checking all keys throws an error due to revoked keys. - Just checking one key throws an error due to missing keys (same as above). I think the best is to add a script like the one above and add a comment in the SPEC file on how to verify the signature and not actually check it. This means the package maintainer must do the proper due diligence before pushing sources to the lookaside cache. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component https://bugzilla.redhat.com/show_bug.cgi?id=1834731 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
