<p>The common theme in tickets <a href="https://github.com/rpm-software-management/rpm/issues/135" class="issue-link js-issue-link" data-url="https://github.com/rpm-software-management/rpm/issues/135" data-id="203797580" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#135</a>, <a href="https://github.com/rpm-software-management/rpm/issues/136" class="issue-link js-issue-link" data-url="https://github.com/rpm-software-management/rpm/issues/136" data-id="203797948" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#136</a>, <a href="https://github.com/rpm-software-management/rpm/issues/137" class="issue-link js-issue-link" data-url="https://github.com/rpm-software-management/rpm/issues/137" data-id="203798076" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#137</a>, <a href="https://github.com/rpm-software-management/rpm/issues/138" class="issue-link js-issue-link" data-url="https://github.com/rpm-software-management/rpm/issues/138" data-id="203798154" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#138</a> and <a href="https://github.com/rpm-software-management/rpm/issues/139" class="issue-link js-issue-link" data-url="https://github.com/rpm-software-management/rpm/issues/139" data-id="203798213" data-error-text="Failed to load issue title" data-permission-text="Issue title is private">#139</a> is that the datatype of a valid tag is changed to something incompatible, such as an integer tag is changed to string, which then causes crash-and-burn in various places, many of which are not able to return an error even if they bothered to check for the types etc.</p>
<p>Mandatory signature checking makes this less of an issue, or rather shift the issue to key management. But optimally rpm should not crash on invalid data, even with --nosignature/--nodigest. The signature header data is fairly thoroughly validated before use, we should have something similar for the main header. Piles of more data to deal with, and many conditionals like if tag X is there then otherwise optional Y must be present too etc, but validating our used tags are type sane etc could be considered a starting point at least.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/rpm-software-management/rpm/issues/242">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ANb80wFtH9uC2PLv3QElQGU07cU66W7tks5sIiE8gaJpZM4OHu9a">mute the thread</a>.<img alt="" height="1" src="https://github.com/notifications/beacon/ANb807_HCypvhe3p5QQWfB-Mye4cnBEPks5sIiE8gaJpZM4OHu9a.gif" width="1" /></p>
<div itemscope itemtype="http://schema.org/EmailMessage">
<div itemprop="action" itemscope itemtype="http://schema.org/ViewAction">
  <link itemprop="url" href="https://github.com/rpm-software-management/rpm/issues/242"></link>
  <meta itemprop="name" content="View Issue"></meta>
</div>
<meta itemprop="description" content="View this Issue on GitHub"></meta>
</div>

<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/rpm-software-management/rpm","title":"rpm-software-management/rpm","subtitle":"GitHub repository","main_image_url":"https://cloud.githubusercontent.com/assets/143418/17495839/a5054eac-5d88-11e6-95fc-7290892c7bb5.png","avatar_image_url":"https://cloud.githubusercontent.com/assets/143418/15842166/7c72db34-2c0b-11e6-9aed-b52498112777.png","action":{"name":"Open in GitHub","url":"https://github.com/rpm-software-management/rpm"}},"updates":{"snippets":[{"icon":"DESCRIPTION","message":"RFE: Pre-validate (all) header data for semantic consistency (#242)"}],"action":{"name":"View Issue","url":"https://github.com/rpm-software-management/rpm/issues/242"}}}</script>