[Rpm-maint] [rpm-software-management/rpm] Installation / verification should not pass if the (sub)key(s) has been revoked (#1598)

Demi Marie Obenour notifications at github.com
Thu Mar 25 10:18:31 UTC 2021


> Revocation is one of the many unimplemented things in rpm's OpenPGP support.
> 
> In other words, you're not seeing a bug as such, it's just not implemented at all, much like expiration is not.

Given the complexity of a full implementation, I wonder if we would be better off ditching OpenPGP entirely in RPMv6.  Something like signify would be trivial to implement, and we can just add new tags whenever we need to support new algorithms.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1598#issuecomment-806529427
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20210325/cfee3579/attachment.html>


More information about the Rpm-maint mailing list