[Rpm-maint] [rpm-software-management/rpm] Distinguish between trusted and untrusted signatures and keys. (PR #1993)

Demi Marie Obenour notifications at github.com
Fri Apr 8 12:04:37 UTC 2022


> In the very least, it would be good if the test case were merged.

The test case fails with current RPM, as RPM currently doesn’t know when it needs to distrust a signature.  This is still nowhere close to a full OpenPGP implementation (that’s orders of magnitude more complex), but it _is_ enough to make `gpg2 --export-options export-minimal --armor --output=output.asc -- '<TRUSTED_FINGERPRINT>' && rpmkeys --import output.asc` safe (at least ignoring expired subkeys, which are a trivial add-on) and that’s what I mostly care about.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1993#issuecomment-1092789927