Hello! Could we add a trigger to prevent unsigned packages from being uploaded?
I've faced again bunch of unsigned packages.. and when I was trying to rebuild plexus-i18n against missing signature, with bumping the release - the build system said it's already built with that version [1].
How is it possible? I have checked the history of this package.. and it was never released as the version in the build system.
Am I missing something? Was there an attack and a package injection? Kamil [1] http://svnweb.mageia.org/packages/cauldron/plexus-i18n/current/SPECS/plexus-i18n.spec?r1=268801&r2=335589
