daklib/checks.py: restore comment about hijack check

[dak.git] / daklib / checks.py

diff --git a/daklib/checks.py b/daklib/checks.py
index 81bd629e481e171991d1ddf0da8d3b4dce282c12..5be0d966da863d129535a2a5c87aa7f9ecbb1fbc 100644 (file)
--- a/daklib/checks.py
+++ b/daklib/checks.py
@@ -354,6 +354,10 @@ class ACLCheck(Check):
     """Check the uploader is allowed to upload the packages in .changes"""
 
     def _does_hijack(self, session, upload, suite):
+        # Try to catch hijacks.
+        # This doesn't work correctly. Uploads to experimental can still
+        # "hijack" binaries from unstable. Also one can hijack packages
+        # via buildds (but people who try this should not be DMs).
         for binary_name in upload.changes.binary_names:
             binaries = session.query(DBBinary).join(DBBinary.source) \
                 .filter(DBBinary.suites.contains(suite)) \
@@ -389,9 +393,9 @@ class ACLCheck(Check):
                 uploaded_arches = set(upload.changes.architectures)
                 uploaded_arches.discard('source')
                 allowed_arches = set(a.arch_string for a in acl.architectures)
-                for a in uploaded_arches:
-                    if a not in allowed_arches:
-                        return False, "uploads for architecture {0} are not allowed".format(a)
+                forbidden_arches = uploaded_arches - allowed_arches
+                if len(forbidden_arches) != 0:
+                    return False, "uploads for architecture(s) {0} are not allowed".format(", ".join(forbidden_arches))
         if not acl.allow_hijack:
             for suite in upload.final_suites:
                 does_hijack, hijacked_binary, hijacked_from = self._does_hijack(session, upload, suite)