On Fri, 2010-04-09 at 08:38 -0400, Bill Davidsen wrote:
> The rpm kernel-2.6.33.1-19.fc13_2.6.33.1-24.fc13.x86_64.drpm downloaded, then it
> looks as if it created an rpm by applying the delta and decided the rpm wasn't
> signed? And there's also an rpm kernel-2.6.33.1-24.fc13.x86_64.rpm, which I
> assume is the rpm created by the delta.
>
> Is this some download error, or is there another problem with unsigned packages
> getting into the repos? I did repeat the download, same CRC...
Seems worthy to add a package acceptance criteria to the Package Update
Acceptance Criteria [1] similar to the following:
* Packages must be signed with a valid Fedora GPG signature
I guess one could argue that the existing criteria "Packages must be
able to install cleanly" would include valid signatures. But it doesn't
hurt to be specific here.
Comments/concerns/ideas?
Thanks,
James
[1] https://fedoraproject.org/wiki/Package_update_acceptance_criteria
Attachment:
signature.asc
Description: This is a digitally signed message part
-- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
