On Tue, Jun 28, 2005 at 07:06:51PM +0200, Mathieu Roy wrote: > > To improve security, there will be automated verification of GPG signed files > contained in projects download areas soon. > > Projects will not be forced to sign their files, indeed, but encouraged to do > so. Signed files that could not be verified will be moved in subdirectories > named /maybe-corrupted. > > This automated check is not in production yet since it appears that several > projects have GPG signed files that cannot be verified because their project > members have not registered their GPG key through Savane yet. > > Automated checks will be activated next week so it is important that projects > members register their GPG keys at > https://gna.org/account/change.php?item=gpgkey > > If you want to know more about this issue, check the FAQ. > > > > The verification failed for the following files: > -------------------------------------------------------
I think we'll get a lot more of this, say, within a year or two, when several GPG keys will expire. Usually people do not re-sign old downloads when they renew their keys :/ -- Sylvain _______________________________________________ Project mailing list [email protected] http://mail.gna.org:8080/listinfo/project
