New PPAs are published unsigned if used immediately

Bug #374395 reported by William Grant
Affects: Launchpad itself
Status: Fix Released
Importance: High
Assigned to: Colin Watson

Bug Description

New PPAs are sometimes published unsigned, although their +index says that they have a key and are signed. I suspect this happens if a PPA is published before its key is generated. This is very confusing.

Celso Providelo (cprov) wrote :

Yes, key generation will happen within 20 min (as the publishing), but gpg keys take about 4 minutes to be generated, so if the user creates a PPA and uploads a source in its first 20 minutes of life it's very likely that it will be published unsigned.

Assuming PPAs are supposed to be always signed, we can delay publications until the signing key gets created. This can be done by activating the PPA with the 'publish' flag set to False, and including code to set it to True in the signing-key generation step.

Changed in soyuz:
assignee: nobody → Celso Providelo (cprov)
importance: Undecided → Medium
status: New → Triaged
tags: added: feature ppa soyuz-publish
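
Added example, not part of the bug report and not Launchpad's code: a small Python model of the race described above and of the gating proposed in the preceding comment, where a new PPA starts with `publish` set to False and the key-generation step sets it to True. The `Archive` class, the function names, and the sample archive and source names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Archive:
    # Hypothetical model of a PPA; field names are illustrative, not Launchpad's schema.
    name: str
    publish: bool                       # the publisher skips the archive while False
    signing_key: Optional[str] = None
    pending: list = field(default_factory=list)    # uploads awaiting publication
    published: list = field(default_factory=list)  # (source, was_signed) tuples


def create_archive(name, gated):
    # gated=True models the proposed fix: new archives start with publish=False.
    return Archive(name=name, publish=not gated)


def generate_signing_key(archive):
    # Key-generation step; in the gated design this is also what enables publishing.
    archive.signing_key = f"CONSTRUCTED-KEY-{archive.name}"
    archive.publish = True


def run_publisher(archive):
    # One publisher pass: skip disabled archives, otherwise publish everything pending.
    if not archive.publish:
        return 0
    count = len(archive.pending)
    for source in archive.pending:
        archive.published.append((source, archive.signing_key is not None))
    archive.pending.clear()
    return count


def simulate(gated):
    # Timeline from the report: an upload and a publisher pass land before the key exists.
    ppa = create_archive("constructed-ppa", gated)
    ppa.pending.append("hello_1.0")     # constructed sample upload
    run_publisher(ppa)                  # pass that runs before key generation finishes
    generate_signing_key(ppa)
    run_publisher(ppa)                  # next pass, key now present
    return ppa.published
```

In the ungated run the first publisher pass emits the upload without a signature; in the gated run that pass is a no-op and the upload is published, signed, on the pass after key generation.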
Curtis Hovey (sinzui)
Changed in soyuz:
assignee: Celso Providelo (cprov) → nobody
Changed in launchpad:
importance: Medium → High
Robert Collins (lifeless) wrote :

Yes, PPAs should always be signed. Not being signed makes apt-add-repository and things like that blow up, and costs staff time answering questions on IRC about it.

summary: - New PPAs can be published unsigned
+ New PPAs are published unsigned if used immediately
Colin Watson (cjwatson)
Changed in launchpad:
assignee: nobody → Colin Watson (cjwatson)
status: Triaged → In Progress
Launchpad QA Bot (lpqabot) wrote :
tags: added: qa-needstesting
Changed in launchpad:
status: In Progress → Fix Committed
Colin Watson (cjwatson)
tags: added: qa-ok
removed: qa-needstesting
Colin Watson (cjwatson)
Changed in launchpad:
status: Fix Committed → Fix Released