[Rpm-maint] [rpm-software-management/rpm] Justus/openpgp fixes (PR #1813)
Justus Winter
notifications at github.com
Wed Nov 10 11:36:35 UTC 2021
@teythoon commented on this pull request.
> @@ -503,6 +500,9 @@ static int pgpPrtSubType(const uint8_t *h, size_t hlen, pgpSigType sigtype,
case PGPSUBTYPE_REVOKE_REASON:
case PGPSUBTYPE_FEATURES:
case PGPSUBTYPE_EMBEDDED_SIG:
+ pgpPrtHex("", p+1, plen-1);
+ break;
+ case PGPSUBTYPE_NOTATION:
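Review bot: In the shared branch for PGPSUBTYPE_REVOKE_REASON, PGPSUBTYPE_FEATURES and PGPSUBTYPE_EMBEDDED_SIG, the added `pgpPrtHex("", p+1, plen-1); break;` only dumps the subpacket body. Unless the critical flag is checked elsewhere in the function, a subpacket of one of these types that is marked critical is printed and then accepted without being interpreted. Consider failing the parse when the critical bit is set on a type that is only printed, and add a comment stating that these types are displayed but not evaluated. The visible lines also do not show that plen is at least 1 before `plen-1` is computed; if that is not guaranteed earlier in the function, check it before the call.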
> In these cases, ignoring that a subpacket is marked critical would be a serious error, as it could cause RPM to accept a package that it must not. In all four of these cases, the correct fix is for RPM to actually implement the corresponding subpacket, not to ignore it.
I'm not disagreeing, but note that this is already a serious error: RPM ignores these subpackets whether they are marked as critical or not. Sequoia marking these subpackets as critical merely highlights the problem.