On 19.06.2013 14:42, Jan Engelhardt wrote:
On Wednesday 2013-06-19 09:07, Marcus Meissner wrote:
If it is not checked at build time, how is one supposed to know that the data committed to the srcserver is actually untampered? A question for all the verification promoters ;-)
After talking with coolo I now implemented a check also in the obs-service-source_validator
- It looks for *.keyring files and imports them.
- If found, it looks for *.sig and *.asc files and verifies them.
Please do support transparent decompression, for the case of
linux-3.9.6.tar.sig
linux-3.9.6.tar.xz
You don't want to uncompress that tarball whenever you do osc ci or osc build (times when the source validator runs). So perhaps an extra service only run by default in factory-auto is the thing to do (just like we do for download_files).
Greetings, Stephan
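The check discussed in this thread (import *.keyring, verify *.sig and *.asc, and stream a compressed tarball through a decompressor when the signature covers the uncompressed tar) could look like the sketch below. It is an added example, not code from the thread or from obs-service-source_validator; the function names are hypothetical and it assumes gpg and xz/gzip/bzip2 are installed.

```shell
#!/bin/sh
# Added example: hypothetical helper names, not obs-service-source_validator code.

# Print "<decompressor>|<payload>" for a detached signature file.
# For foo.tar.sig with only foo.tar.xz present, the signature covers the
# uncompressed tar, so the payload has to be streamed through a decompressor.
find_signed_payload() {
    sig=$1
    base=${sig%.*}                      # strip .sig / .asc
    if [ -f "$base" ]; then
        printf 'cat|%s\n' "$base"       # signature covers the file as stored
        return 0
    fi
    for pair in 'xz:xz -dc' 'gz:gzip -dc' 'bz2:bzip2 -dc'; do
        ext=${pair%%:*}
        if [ -f "$base.$ext" ]; then
            printf '%s|%s\n' "${pair#*:}" "$base.$ext"
            return 0
        fi
    done
    return 1                            # nothing to verify against
}

# Import every *.keyring in a directory into a throwaway GnuPG home,
# then verify each *.sig / *.asc. Returns 0 only if every check passes.
verify_sources() {
    dir=$1
    set -- "$dir"/*.keyring
    [ -e "$1" ] || return 0             # no keyring shipped: nothing to check
    home=$(mktemp -d) || return 2
    chmod 700 "$home"
    rc=0
    gpg --homedir "$home" --batch --quiet --import "$@" || rc=2
    for sig in "$dir"/*.sig "$dir"/*.asc; do
        [ -e "$sig" ] || continue
        found=$(find_signed_payload "$sig") ||
            { echo "no payload for $sig" >&2; rc=1; continue; }
        # Decompress to a pipe only; "-" tells gpg to read the data from stdin.
        ${found%%|*} "${found#*|}" |
            gpg --homedir "$home" --batch --verify "$sig" - || rc=1
    done
    rm -rf "$home"
    return $rc
}
```

Nothing is written to disk during decompression, but the whole tarball is still read and decompressed on every run, which is the cost raised in the reply above.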