On 29.12.2012 21:03, D.Morgan wrote:
On Sat, Dec 29, 2012 at 7:49 PM, Kamil Rytarowski <[email protected]> wrote:
Hello!

Could we add a trigger to prevent unsigned packages from being uploaded?

I've again faced a bunch of unsigned packages... and when I was trying to
rebuild plexus-i18n against the missing signature, bumping the release,
the build system said it's already built with that version [1].

How is it possible? I have checked the history of this package.. and it was
never released as the version in the build system.

Am I missing something? Was there an attack and a package injection?

Kamil

[1]
http://svnweb.mageia.org/packages/cauldron/plexus-i18n/current/SPECS/plexus-i18n.spec?r1=268801&r2=335589


fixed
Thank you
