Hi All,

Unless I'm confused (which I'm never willing to rule out as a possibility), the GPG signing key for the network project on OBS was updated recently. I discovered this while trying to install network:ha-clustering:Stable/cluster-glue on an FC19 VM. The install failed with:

... Downloading packages: warning: /var/cache/yum/x86_64/19/network_ha-clustering_Stable/packages/cluster-glue-1.0.11-3.1.x86_64.rpm: Header V3 DSA/SHA1 Signature, key ID 7b709911: NOKEY Retrieving key from http://download.opensuse.org/repositories/network:/ha-clustering:/Stable/Fed...

The GPG keys listed for the "Stable High Availability/Clustering packages (Fedora_19)" repository are already installed but they are not correct for this package. Check that the correct key URLs are configured for this repository.

Failing package is: cluster-glue-1.0.11-3.1.x86_64 GPG Keys are configured as: http://download.opensuse.org/repositories/network:/ha-clustering:/Stable/Fed...

So I triggered a rebuild of that package, and was then able to install it with no problems, but this raises the question: if a signing key for a project is updated, do we need something to automatically re-sign all packages in that project? Seems a bit sucky to have to manually trigger a rebuild...

Thanks,

Tim