[Rpm-maint] [rpm-software-management/rpm] Installation / verification should not pass if the (sub)key(s) has been revoked or expired (#1598)

Demi Marie Obenour notifications at github.com
Fri Jul 2 13:29:02 UTC 2021


> I don't think it makes sense to have a revoked key in the database at all, you might as well just delete the key from the database. So we could state that it's up to the layer above rpm that manages the keys to handle this (libzypp does handle key updates, I don't know about dnf).

Perhaps a better option would be to replace the revoked key with an invalid stub entry, so future attempts to re-add the key fail.  This also lets us provide better error messages to the user.

> But I do think rpm should check the expiry date of a key. We could make it configurable how rpm deals with an expired key.

Agreed.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1598#issuecomment-872999190
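
A minimal model of the two proposals in this message, added here as an illustration and not taken from rpm or from the thread's participants: revocation leaves a stub so that re-import fails and the error names the cause, and an expired key is handled by a configurable policy. The `KeyStore` class, the `ExpiredPolicy` setting, the constructed fingerprints and the choice to compare expiry against the current time are all assumptions of this example.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Dict, Optional, Tuple


class ExpiredPolicy(Enum):  # hypothetical setting, not an rpm macro
    REJECT = "reject"
    WARN = "warn"


@dataclass
class Entry:
    expires: Optional[int] = None  # Unix time; None means no expiry
    revoked: bool = False          # True marks the stub left after revocation


class KeyStore:
    """Toy trust store keyed by fingerprint (a model, not rpm's keyring)."""

    def __init__(self, policy: ExpiredPolicy = ExpiredPolicy.REJECT):
        self.policy = policy
        self.entries: Dict[str, Entry] = {}

    def import_key(self, fpr: str, expires: Optional[int] = None) -> None:
        # The stub makes a later re-import of a revoked key fail loudly.
        if fpr in self.entries and self.entries[fpr].revoked:
            raise ValueError(f"key {fpr} was revoked; refusing to re-import")
        self.entries[fpr] = Entry(expires=expires)

    def revoke(self, fpr: str) -> None:
        # Replace the key with a stub instead of deleting the entry.
        self.entries[fpr] = Entry(revoked=True)

    def check_signer(self, fpr: str, now: int) -> Tuple[bool, str]:
        """Decide on a signature that already verified against key `fpr`."""
        entry = self.entries.get(fpr)
        if entry is None:
            return False, f"key {fpr} not found"
        if entry.revoked:
            return False, f"key {fpr} has been revoked"
        if entry.expires is not None and now >= entry.expires:
            if self.policy is ExpiredPolicy.WARN:
                return True, f"warning: key {fpr} expired"
            return False, f"key {fpr} expired"
        return True, "ok"
```

Had `revoke` deleted the entry instead, `check_signer` could only report the key as not found, and a later `import_key` of the same fingerprint would silently restore trust.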