Uploads with unrecognized keys should be publically logged

Setting Medium as it would reduce our overhead and improve visibility into uploads.

Where would it be displayed? And how many of these uploads do you generally get? I'd think it'd be quite common for the Ubuntu repos as people often mistakenly upload to ubuntu rather than REVU or ppas.

We'd make it web-accessible somehow.

But to be clear, this only affects people whose GPG keys are not
registered in Launchpad, which is currently the only situation that I
know of where someone can upload and not get notified of a potential
failure. If you have a valid key, try to upload to the Ubuntu archive
and don't have the required permissions, you get an email notification.

The user "forest" on #launchpad today suggested that it could be a notification on the PPA page or on the owner's (or uploader's?) person page. This wouldn't be perfect, as the user can't be identified reliably in the case of an unsigned upload, but as long as it can be dismissed I think it's OK. See package copy notifications for a similar example.

I ran into this today when uploading to my PPA a package that I had signed with a new key. Having set up the PPA long ago, I had forgotten that gpg keys must be registered with my launchpad account. The upload completed, but Launchpad silently discarded it, making it appear as though some part of Launchpad was down.

This was a frustrating and unnecessary time-waster, as is usually the case with silent failures. A notification of the failure and its cause just about anywhere would have avoided it. For example, a notice on my (the PPA owner's) launchpad home page, or on the PPA page, or in an easily-accessible log that I could have checked.