Bileto PPA upload rejections are lost to the ether

A whitelist of GPG keys is only one way to solve your problem, and I think it's probably not the best one.

We already change behaviour based on whether the archive is a primary archive or not. One possibility would be to notify Maintainer+Changed-By in the case of devirtualised archives, since those are already treated as quasi-primary in other cases, although this would admittedly be a hack.

What I'd really prefer, though, is a way to encapsulate the notion that the bot is acting on behalf of somebody else, which is not information that is currently communicated via the .changes. It would be within bileto's power to pass something like --changes-option=-DLaunchpad-Notify-Changed-By=yes (just an example, don't implement this yet!), and for Launchpad to notify the address in Changed-By (which typically comes from the changelog) if it finds that field in the .changes file. How would that suit you? I think it's reasonably elegant and it wouldn't in general cause backscatter when naïve users upload unmodified versions of packages to their PPAs, which is the main reason we don't notify Changed-By today.

I'm open to stamping flags in the packaging, sure.

I've opened a bileto task since it will need to add the appropriate field to .changes. Please don't do this until the Launchpad task reaches "Fix Committed", though, since the details may change before then.

Fixed in stable r18253 <http://bazaar.launchpad.net/~launchpad-pqm/launchpad/stable/revision/18253>.

Alright, what's the plan here? I need to add "--changes-option=-DLaunchpad-Notify-Changed-By=yes" to my dpkg-buildpackage invocation?

Yes, exactly that. I've tested that approach on dogfood and it produces correct results.