Mon 27 Jun 2005 06:51:35 PM UTC, comment #5:
You're right, it wasn't my key. It's the key of DIG, and it fails because he uses HTML markup. You should probably go through all keys and check if they are valid -- otherwise send a mail to the member, asking to post the correct data.
Another problem (which you cannot detect, I guess) is that the public keyblock of Loic contains not only his own key, but the key of his wife as well. She appears as a member of the Savane team on the GPG page (Marie-Christine Aubin (Dachary)). This is a bit misleading IMHO.
Thu 23 Jun 2005 05:45:25 PM UTC, original submission:
Hello,
I'm rushing on this script since I made apt-get repositories for Savane. Imagine the nightmare if someone was at some point inserting malicious stuff into the packages, without our knowledge.
The only way to make sure packages are legit is to have their GPG signature checked.
But I don't think it would be necessary, nor useful, to follow a coercive approach which would consist in restricting the way people access the download area and putting uploaded stuff in a temporary area until it is checked.
Here's the little plan I wrote about it this morning, it should give you a clear overview of how it is supposed to work. I think I'll implement it tomorrow (should not be very complicated) or Monday.
## This script should be used via a cronjob to check if files in a download
## area are properly signed.
## Properly signed means that it has been signed with a GPG signature that is
## in the related group keyring.
## The keyring should have been added by sv_groups in /home/savane-keyrings/.
##
## The approach followed is to provide security in a non-coercive way.
## File upload is allowed through usual means, files are assumed clean until
## proven unclean:
##   - user uploads files in his download area
##   - later, the cronjob looks at it:
##       * if no files are gpg signed, a file HEADER.html will be
##         added (saving such previous file under another name), not
##         user modifiable, saying files there cannot be checked using
##         gpg. One should assume they are clean, but only assume.
##         This HEADER.html file will be added only in top directory,
##         not in subdirectories.
##       * if files exist and are gpg signed properly (even if not
##         all files), nothing is done specifically.
##         If a HEADER.html added by Savane exists, it gets removed.
##         The md5 of checked files is cached and they will not be checked
##         again unless their md5 changes.
##       * if files exist, are gpg signed and the signature is not
##         ok, files are moved in a subdirectory called maybe-corrupted
##         and a HEADER.html is added listing failed signature checks,
##         saying that one should not assume that files are clean.
##         (this one will stay until the project uploads properly signed
##         files)
##         A mail should be sent to project admins.
##         Additionally, a HEADER.html file would be added in
##         maybe-corrupted, saying these files are questionable.
##         This would happen in any directory, no matter how deep they
##         are.
##
## Note: maybe-corrupted dir and HEADER.html files will not be
## modifiable by project members. They will be added whenever
## it makes sense and they will be removed when incriminated
## files no longer exist.
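The cron pass sketched in the plan above, written out as an added example in Python; it is not the Savane script (which had not been written at the time of the post). It assumes detached signatures stored beside each file as `.sig`/`.asc`, marks the HEADER.html files it writes with an HTML comment so a project's own header is saved rather than overwritten, and takes the verifier as a parameter so that `demo()` runs on a constructed download area with a stub instead of gpg; mailing project admins is left to the caller.

```python
import hashlib, json, shutil, subprocess, tempfile
from pathlib import Path

SIG_EXTS, Q = (".sig", ".asc"), "maybe-corrupted"        # assumed: detached sig beside each file
HEADER, MARK = "HEADER.html", "<!-- savane-gpgcheck -->"  # MARK identifies headers we wrote
def gpg_verify(keyring, sig, target):
    # Verify a detached signature against the group keyring only, never the default keyring.
    return subprocess.run(["gpg", "--batch", "--no-default-keyring", "--keyring", str(keyring),
                           "--verify", str(sig), str(target)], capture_output=True).returncode == 0
def set_header(d, text=None):
    # text given: install our HEADER.html (a project's own one is saved as .orig); None: remove ours
    h = d / HEADER; ours = h.exists() and MARK in h.read_text()
    if text is None and ours:
        h.unlink()
    elif text is not None:
        if h.exists() and not ours: h.rename(d / (HEADER + ".orig"))
        h.write_text(MARK + "\n" + text)
def check_area(area, keyring, cache_file, verify=gpg_verify):
    # One cron pass over a download area; returns (verified, failed) paths relative to it.
    area, cache_file = Path(area), Path(cache_file)
    cache = json.loads(cache_file.read_text()) if cache_file.exists() else {}; ok, failed = [], []
    for sig in sorted(p for p in area.rglob("*") if p.suffix in SIG_EXTS and Q not in p.parts):
        target = sig.with_suffix("")                       # foo.tar.gz.sig -> foo.tar.gz
        if not target.is_file(): continue                  # stray signature without its file
        rel, digest = str(target.relative_to(area)), hashlib.md5(target.read_bytes()).hexdigest()
        if cache.get(rel) == digest or verify(keyring, sig, target):   # cached md5 skips gpg
            cache[rel] = digest; ok.append(rel)
        else:   # bad signature: quarantine file and sig, flag that directory (any depth)
            q = target.parent / Q; q.mkdir(exist_ok=True)
            for f in (target, sig): shutil.move(str(f), str(q / f.name))
            cache.pop(rel, None); failed.append(rel)
            set_header(q, "<p>These files are questionable: GPG signature check failed.</p>")
    if failed:   # stays until properly signed files are uploaded; the caller mails project admins
        set_header(area, "<p>Do not assume these files are clean. Failed: " + ", ".join(failed) + "</p>")
    elif ok:
        set_header(area)   # all checks passed: drop any warning header we added earlier
    else:
        set_header(area, "<p>No file here is GPG signed, so nothing can be checked.</p>")
    cache_file.write_text(json.dumps(cache))
    return ok, failed
def demo():
    # Constructed area: one good, one bad signature; a stub that fails on 'bad' stands in for gpg.
    area = Path(tempfile.mkdtemp()); (area / "sub").mkdir()
    for name in ("good.tar.gz", "good.tar.gz.sig", "sub/bad.tar.gz", "sub/bad.tar.gz.sig"):
        (area / name).write_bytes(b"constructed " + name.encode())
    ok, failed = check_area(area, "/no/such/keyring.gpg", area / ".gpgcheck.json",
                            lambda keyring, sig, target: "bad" not in target.name)
    return ok, failed, (area / "sub" / Q / "bad.tar.gz").exists(), (area / HEADER).exists()
```

A second pass over the same area finds the good file's md5 in the cache and skips gpg for it, while the quarantined files stay untouched because anything under maybe-corrupted is excluded from the walk.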