[Rpm-maint] [rpm-software-management/rpm] Check that all OpenPGP signatures are a single signature packet (Issue #2109)

Demi Marie Obenour notifications at github.com
Thu Aug 18 14:26:52 UTC 2022


> I think @DemiMarie is referring to this: [5ff8676](https://github.com/rpm-software-management/rpm/commit/5ff86764b17f31535cb247543a90dd739076ec38)
> I don't know whether Sequoia allows that in the first place or not.

This is correct.  I was actually going to suggest enforcing this somewhere in RPM’s C code, so that all backends behave consistently.  In particular, any backend based on GnuPG would need such a check badly.

> Looking at `rpm-sequoia`'s [code](https://gitlab.com/sequoia-pgp/rpm-sequoia/-/blob/502f7884/src/lib.rs#L894), it should reject multiple signatures. (A unit test would be good to confirm this and be useful for any future OpenPGP backend.)

I will look at that when I get the time.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2109#issuecomment-1219563932

Message ID: <rpm-software-management/rpm/issues/2109/1219563932 at github.com>
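
The backend-independent framing check discussed in this message could look like the following. This is an added example, not code from RPM, rpm-sequoia, or the author of the message; the function names `pgp_packet_span` and `is_single_signature_packet` are hypothetical. It checks only RFC 4880 packet framing (exactly one tag 2 packet with a definite length that fills the whole buffer) and does not validate the signature body.

```c
#include <stddef.h>
#include <stdint.h>

/* Parse one RFC 4880 packet header. Stores the tag and total size (header +
 * body); returns -1 if malformed, truncated, or not a definite length. */
static int pgp_packet_span(const uint8_t *buf, size_t len,
                           unsigned *tag, size_t *total)
{
    size_t hlen, blen;
    if (len < 2 || !(buf[0] & 0x80))
        return -1;                      /* bit 7 is set on every packet */
    if (buf[0] & 0x40) {                /* new-format header */
        *tag = buf[0] & 0x3f;
        if (buf[1] < 192) {
            hlen = 2; blen = buf[1];
        } else if (buf[1] < 224) {
            if (len < 3) return -1;
            hlen = 3; blen = ((size_t)(buf[1] - 192) << 8) + buf[2] + 192;
        } else if (buf[1] == 255) {
            if (len < 6) return -1;
            hlen = 6;
            blen = ((size_t)buf[2] << 24) | ((size_t)buf[3] << 16) |
                   ((size_t)buf[4] << 8) | buf[5];
        } else {
            return -1;                  /* partial body length */
        }
    } else {                            /* old-format header */
        unsigned lt = buf[0] & 0x03;
        size_t n = (size_t)1 << lt;     /* 1, 2 or 4 length octets */
        if (lt == 3 || len < 1 + n)
            return -1;                  /* indeterminate length or truncated */
        *tag = (buf[0] >> 2) & 0x0f;
        hlen = 1 + n; blen = 0;
        for (size_t i = 0; i < n; i++)
            blen = (blen << 8) | buf[1 + i];
    }
    if (blen > len - hlen)
        return -1;                      /* body runs past the buffer */
    *total = hlen + blen;
    return 0;
}

/* 1 only if buf is exactly one Signature packet (tag 2) and nothing else. */
int is_single_signature_packet(const uint8_t *buf, size_t len)
{
    unsigned tag;
    size_t total;
    return pgp_packet_span(buf, len, &tag, &total) == 0 &&
           tag == 2 && total == len;
}
```

Running this before the buffer reaches any OpenPGP backend means concatenated signatures, trailing bytes and non-signature packets are rejected the same way regardless of which parser sits behind it.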