Bug 900913 - procmail does not build anymore due gpg check which break security update!
Summary: procmail does not build anymore due gpg check which break security update!
Status: RESOLVED FIXED
Alias: None
Product: openSUSE.org
Classification: openSUSE
Component: BuildService (show other bugs)
Version: unspecified
Hardware: All All
: P5 - None : Critical (vote)
Target Milestone: ---
Assignee: Marcus Meissner
QA Contact: Adrian Schröter
URL:
Whiteboard:
Keywords: dogfood
Depends on:
Blocks:
 
Reported: 2014-10-13 12:01 UTC by Dr. Werner Fink
Modified: 2014-10-27 09:37 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dr. Werner Fink 2014-10-13 12:01:41 UTC 
See SR #255633

        Comment: Output of check script:   Source validator failed. Try "osc
               service localrun source_validator"     gpg: Note: signatures
               using the MD5 algorithm are rejected     gpg: key 4A25D351: no
               valid user IDs     gpg: Signature made Tue Sep 11 07:10:06 2001
               CEST using RSA key ID 4A25D351     gpg: Can't check signature: No
               public key     (E) signature procmail/procmail-3.22.tar.gz.sig
               does not validate 

this is a nogo as it breaks the required security update!  Maybe the RSA key ID 4A25D351 is outdated meanwhile but the source remains valid!

Please stop such automatism!
Comment 1 Dr. Werner Fink 2014-10-13 12:07:33 UTC 
IMHO the key is valid

  werner/procmail> gpg --recv-keys 4A25D351
  gpg: requesting key 4A25D351 from hkp server subkeys.pgp.net
  gpg: key 4A25D351: public key "Procmail Distribution <bug@procmail.org>" imported
  gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
  gpg: depth: 0  valid:   3  signed:   6  trust: 0-, 0q, 0n, 0m, 0f, 3u
  gpg: depth: 1  valid:   6  signed:  47  trust: 2-, 0q, 0n, 1m, 3f, 0u
  gpg: depth: 2  valid:  28  signed:  67  trust: 28-, 0q, 0n, 0m, 0f, 0u
  gpg: next trustdb check due at 2015-01-23
  gpg: Total number processed: 1
  gpg:               imported: 1  (RSA: 1)
  werner/procmail> gpg --list-keys 4A25D351
  pub   1024R/4A25D351 1999-02-09
  uid                  Procmail Distribution <bug@procmail.org>
Comment 2 Stephan Kulow 2014-10-14 09:35:18 UTC 
This is Marcus's source_validator thing - I have no idea about it
Comment 3 Marcus Meissner 2014-10-27 09:37:46 UTC 
it seem to have been fixed although I am not sure how.