Hello oS packaging fellows, I tried to add the signature checking to findutils, but the Base:System --> oS:F request was auto-declined due to a source_validator failure: On 12/29/2015 06:15 PM, Factory Auto wrote:
Visit https://build.opensuse.org/request/show/351211
State of request 351211 was changed by factory-auto:
review -> declined
Comment: Output of check script: Source validator failed. Try "osc service localrun source_validator" gpg: Note: signatures using the MD5 algorithm are rejected gpg: key 64A95EE5: no valid user IDs gpg: Signature made Mon Dec 28 22:47:23 2015 CET using RSA key ID 64A95EE5 gpg: Can't check signature: No public key (E) signature findutils/findutils-4.6.0.tar.gz.sig does not validate
Actions: - submit Base:System/findutils => openSUSE:Factory/findutils
Running the command locally doesn't seem to yield a problem:
$ osc co Base:System/findutils \
&& cd Base:System/findutils
$ osc service localrun source_validator
gpg: public key of ultimately trusted key 96917195 not found
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Signature made Mon 28 Dec 2015 10:47:23 PM CET using RSA key ID 64A95EE5
gpg: Good signature from "James Youngman