On Sat, Nov 15, 2014 at 03:48:57PM +0100, Dimstar / Dominique Leuenberger wrote:
Marcus,
On Sat, 2014-11-15 at 15:38 +0100, Marcus Meissner wrote:
Hi,
I am not entirely happy with removing it from the build.
What advantage do you see compared to the test happening once when you check it in? (or when submitted to Factory, the test runs again). The sig won't become invalid on any subsequent checks without changes.
The chance that the tarball is later modified (and the signature checking would not be changed) is small.
But I have to agree that it makes some sense with the source validator enforcing it these days.
Right - that's the idea here
FWIW, I am fixing gpg-offline, which you did not bother to do.
sure, fixing it was option 1, which i listed. The few fixes I submitted are for ring packages; there is likely more breaking in Factory. if gpg_verify is now fixed already, we'll just hide them all (of course the fix is still a good thing - I would just not do it in a rush - fixes coming from you are of course not excluded from being accepted)
Avoiding failing builds is priority 1. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org