[Rpm-maint] [rpm-software-management/rpm] Fix gpg key loading (#1552)
Panu Matilainen
notifications at github.com
Thu Mar 11 09:05:02 UTC 2021
We can, but not without a warning and a good reason.
The problem is that it's actually a security hole of a kind, it allows any arbitrary package to drop in files that immediately become system-wide trusted keys. That same thing can of course be seen as a feature.
The biggest issue is that these don't play well together, so maybe it should simply be a compile-time option instead... dunno.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1552#issuecomment-796583172
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20210311/a2b92cda/attachment.html>
More information about the Rpm-maint
mailing list