[Rpm-maint] [rpm-software-management/rpm] RFE: forbid extra packets after a signature (#1601)

Demi Marie Obenour notifications at github.com
Thu Mar 25 20:03:22 UTC 2021


RPM currently does not check that a signature contains exactly one packet.  Requiring that a signature have exactly one packet would reduce the attack surface of RPM, but would reject packages with multiple signatures.  If this is not possible, we can at least reject signatures that have non-signature packets.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1601
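
Added example, not part of the original message and not RPM's own code: one way to implement the check requested above, walking the OpenPGP packet headers (RFC 4880 section 4.2) in a signature blob and accepting it only if every packet is a signature packet, and exactly one unless multiple signatures are allowed. The names `packet_span`, `sig_blob_ok` and `allow_multiple` and the sample byte arrays are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define PGP_TAG_SIGNATURE 2 /* RFC 4880 section 4.3 */
/* Constructed samples: headers are well-formed, bodies are dummy bytes. */
const uint8_t one_sig[]      = { 0x88, 0x03, 0x04, 0x00, 0x01 };
const uint8_t two_sigs[]     = { 0x88, 0x03, 0x04, 0x00, 0x01, 0xC2, 0x02, 0x04, 0x00 };
const uint8_t sig_then_uid[] = { 0x88, 0x03, 0x04, 0x00, 0x01, 0xB4, 0x01, 0x41 };

/* Parse one packet header; store tag and total size (header + body). */
static int packet_span(const uint8_t *p, size_t n, unsigned *tag, size_t *total)
{
    size_t hdr, body = 0;
    if (n < 2 || !(p[0] & 0x80)) return -1; /* bit 7 must be set */
    if (p[0] & 0x40) {                      /* new-format header */
        *tag = p[0] & 0x3f;
        if (p[1] < 192) {
            hdr = 2; body = p[1];
        } else if (p[1] < 224 && n >= 3) {
            hdr = 3; body = ((size_t)(p[1] - 192) << 8) + p[2] + 192;
        } else if (p[1] == 255 && n >= 6) {
            hdr = 6;
            for (size_t i = 2; i < 6; i++) body = (body << 8) | p[i];
        } else {
            return -1;                      /* partial length or truncated header */
        }
    } else {                                /* old-format header */
        unsigned lt = p[0] & 0x03;
        *tag = (p[0] >> 2) & 0x0f;
        hdr = 1 + ((size_t)1 << lt);
        if (lt == 3 || n < hdr)
            return -1;                      /* indeterminate length or truncated */
        for (size_t i = 1; i < hdr; i++) body = (body << 8) | p[i];
    }
    if (body > n - hdr) return -1;          /* body runs past the end of the blob */
    *total = hdr + body;
    return 0;
}

/* 0 if blob holds only signature packets (exactly one unless allow_multiple). */
int sig_blob_ok(const uint8_t *blob, size_t len, int allow_multiple)
{
    size_t off = 0, count = 0, total = 0;
    unsigned tag;
    for (; off < len; off += total, count++)
        if (packet_span(blob + off, len - off, &tag, &total) != 0 || tag != PGP_TAG_SIGNATURE)
            return -1;
    return (count == 1 || (allow_multiple && count > 1)) ? 0 : -1;
}
```

With `allow_multiple` set to 0 this is the strict form of the request; with it set to 1 it is the fallback that still rejects any non-signature packet.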