[Rpm-maint] [rpm-software-management/rpm] Fix gpg key loading (#1552)

Panu Matilainen notifications at github.com
Thu Mar 11 09:05:02 UTC 2021


We can, but not without a warning and a good reason.

The problem is that it's actually a security hole of a kind, it allows any arbitrary package to drop in files that immediately become system-wide trusted keys. That same thing can of course be seen as a feature.

The biggest issue is that these don't play well together, so maybe it should simply be a compile-time option instead... dunno.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1552#issuecomment-796583172
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20210311/a2b92cda/attachment.html>


More information about the Rpm-maint mailing list