[Rpm-maint] [rpm-software-management/rpm] SECURITY: applications use rpm to access the userid, but rpm does not verify binding signatures (#528)

Jeff Johnson notifications at github.com
Mon Aug 20 16:20:28 UTC 2018


There is a better implementation of pubkey verification, including a more intelligent parser of OpenPGP packets than what is in rpmio/rpmpgpg.c, that includes the ability to verify certification and binding signatures of OpenPGP packets, that can be reworked to rpm.org code here:

http://rpm5.org/cvs/fileview?f=rpm/rpmio/rpmhkp.c&v=2.20.2.18

I can and will port and supply a patch if there is interest.

Otherwise NIH, *shrug*, close this issue.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/528#issuecomment-414376351