[Rpm-maint] [rpm-software-management/rpm] RPMv6 proposal: Detached signatures (#1482)
Florian Festi
notifications at github.com
Thu Jan 14 11:54:47 UTC 2021
There is a middle way how to deal with signatures: Append at the end of the package. RPM should probably dictate a way how they should be separated. Then one could just read the last few kB of the package and check for signatures there without understanding the rpm format at all. You could also put signatures there that are completely unknown to rpm.
One could encode them with base64 or something similar to be 100% sure nothing can go wrong.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1482#issuecomment-760149740
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20210114/3851bc41/attachment.html>
More information about the Rpm-maint
mailing list