As part of our ever vigilant stance towards security around our packaging process, we have added a new feature to upload.cgi (which accepts file uploads into the lookaside cache) which will email the package owner (<package>-owner@fedoraproject.org, specifically) and fedora-extras-commits@redhat.com whenever a file is uploaded to the lookaside cache. Previously this was a big black box and an area of concern.
The message will contain the name of the file, the package concerned, the md5sum, and the user that uploaded it. An example is below:
File upload.cgi for package sportrop-fonts has been uploaded to the lookaside cache with md5sum 26489f9e92601f0f84cfbb278c2b98e1 by jstanley
Please let me know if you have any questions, comments, or room for improvement!
Thanks! -Jon
devel-announce@lists.fedoraproject.org