On Jul 12, 2011, at 7:50 AM, Yury V. Zaytsev wrote: > Hi! > > On Tue, 2011-07-12 at 12:04 +0200, Armin Tüting wrote: > >> Complete! > > Thanks for checking out! > > So, I presume it works for you? I have committed the changes and the > packages should become available in the repository soon. > >> The package update fails when the option "--nogpgcheck" isn't used - >> Package dante-server-1.3.1-1.el5.zyv.i386.rpm is not signed. > > Right, I don't sign test packages that won't go into the repository. >
There's a deep and fundamental flaw here that someone (not me) needs to pay attention to. This is the 2nd report of interactions between signature checking and dependencies I'm aware of. The previous issue fixed a signature failure by removing a Provides: dependency. This issue is fixing a dependency issue by not checking signatures. There should be _NO_ interaction between dependencies and signature/digest verification. The fact that there is (now multiple reports) an interaction hints at a deeper (and probably fairly serious) flaw. hth 73 de Jeff _______________________________________________ users mailing list [email protected] http://lists.repoforge.org/mailman/listinfo/users
