On Thu, Dec 29, 2016 at 07:08:18AM +0100, John Darrington wrote: > On Thu, Dec 29, 2016 at 03:49:51AM +0100, Tobias Geerinckx-Rice wrote: > Leo, > > On 29/12/16 03:10, Leo Famulari wrote: > > gpg: BAD signature from "Tobias Geerinckx-Rice <m...@tobias.gr>" > > Oh dear. > > > Does anyone else get the same result? Any ideas? > > I do, so it's a real?? corrupted signature. > > Looking back, it turns out that this isn't the first time this has > happened: another commit of mine (7d162df, gnu: mcelog: Update to 146.) > also has a bad signature, which I probably missed for the same reason. > > > How did these commits get into the repository? Our repository is > configured to reject unsigned commits. Can it be that it doesn't > actually check that the signature matches? !!!
Yes, it's a known limitation: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#129 We need to improve the hook.
signature.asc
Description: PGP signature
