As part of our ever vigilant stance towards security around our
packaging process, we have added a new feature to upload.cgi (which
accepts file uploads into the lookaside cache) which will email the
package owner (<package>-owner(a)fedoraproject.org, specifically) and
fedora-extras-commits(a)redhat.com whenever a file is uploaded to the
lookaside cache. Previously this was a big black box and an area of
concern.
The message will contain the name of the file, the package concerned,
the md5sum, and the user that uploaded it. An example is below:
File upload.cgi for package sportrop-fonts has been uploaded to the
lookaside cache with md5sum 26489f9e92601f0f84cfbb278c2b98e1 by
jstanley
Please let me know if you have any questions, comments, or room for improvement!
Thanks!
-Jon