On Wed, Jul 24, 2019 at 2:53 PM Mattia Rizzolo <mat...@debian.org> wrote:
> On Wed, Jul 24, 2019 at 02:48:35PM +0200, Michael Crusoe wrote: > > On Wed, Jul 24, 2019 at 1:14 PM Mattia Rizzolo <mat...@debian.org> > wrote: > > > That's the clear sign of a gpg problem > > > > No error message → clear sign of a specific problem; that is hilarious! > > > > What's the most effective way to nominate this bug for the "paper cut" > > campaign? > > It's not a "paper cut" bug. > If gpg fails to basically validate something (which doesn't mean > "expired key", it clearly means "failed to validate"), nothing can be > said about the file in question. So it's *not* safe for the upload > software to i.e. send back an email, as it can't be sure to whom send > that mail to. The content of the file can't be trusted here. > I would be nice if that error was surfaced during the upload process (client side or server side) -- Michael R. Crusoe