[Rpm-maint] [rpm-software-management/rpm] Check that all OpenPGP signatures are a single signature packet (Issue #2109)
Demi Marie Obenour
notifications at github.com
Thu Aug 18 14:26:52 UTC 2022
> I think @DemiMarie is referring to this: [5ff8676](https://github.com/rpm-software-management/rpm/commit/5ff86764b17f31535cb247543a90dd739076ec38)
> I don't know whether Sequoia allows that in the first place or not.

This is correct. I was actually going to suggest enforcing this somewhere in RPM’s C code, so that all backends behave consistently. In particular, any backend based on GnuPG would need such a check badly.

> Looking at `rpm-sequoia`'s [code](https://gitlab.com/sequoia-pgp/rpm-sequoia/-/blob/502f7884/src/lib.rs#L894), it should reject multiple signatures. (A unit test would be good to confirm this and be useful for any future OpenPGP backend.)

I will look at that when I get the time.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2109#issuecomment-1219563932
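A backend-independent form of the check discussed in this thread, as an added example that is not code from RPM or rpm-sequoia: it parses the first OpenPGP packet header (RFC 4880, section 4.2) and accepts the buffer only if that packet is a signature packet (tag 2) whose body ends exactly at the end of the buffer. The function names and the sample bytes are constructed for illustration, and only the packet framing is checked, not the signature body.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PGP_TAG_SIGNATURE 2 /* RFC 4880, section 4.3 */

/* Parse one packet header at p[0..n). Returns the header length and stores
 * tag and body length, or returns 0 for a malformed, truncated,
 * indeterminate-length or partial-body-length header. (hypothetical helper) */
static size_t pgp_header(const uint8_t *p, size_t n, unsigned *tag, size_t *blen)
{
    size_t off = 1, lenlen;
    if (n < 2 || !(p[0] & 0x80))          /* bit 7 must always be set */
        return 0;
    if (p[0] & 0x40) {                    /* new-format header */
        *tag = p[0] & 0x3f;
        if (p[1] < 192) { *blen = p[1]; return 2; }
        if (p[1] < 224) {                 /* two-octet length */
            if (n < 3) return 0;
            *blen = ((size_t)(p[1] - 192) << 8) + p[2] + 192;
            return 3;
        }
        if (p[1] != 255) return 0;        /* partial body length: reject */
        off = 2; lenlen = 4;
    } else {                              /* old-format header */
        *tag = (p[0] >> 2) & 0x0f;
        if ((p[0] & 3) == 3) return 0;    /* indeterminate length: reject */
        lenlen = (size_t)1 << (p[0] & 3); /* 1, 2 or 4 length octets */
    }
    if (n < off + lenlen) return 0;
    *blen = 0;
    for (size_t i = 0; i < lenlen; i++)   /* big-endian body length */
        *blen = (*blen << 8) | p[off + i];
    return off + lenlen;
}

/* Returns 1 only if buf is exactly one signature packet and nothing else. */
int pgp_is_single_signature(const uint8_t *buf, size_t n)
{
    unsigned tag;
    size_t blen, hlen = pgp_header(buf, n, &tag, &blen);
    if (hlen == 0 || tag != PGP_TAG_SIGNATURE) return 0;
    return blen == n - hlen;              /* trailing or missing bytes fail */
}

int main(void) {
    const uint8_t one[] = {0x88, 0x01, 0x04};                   /* constructed */
    const uint8_t two[] = {0x88, 0x01, 0x04, 0x88, 0x01, 0x04}; /* constructed */
    printf("%d %d\n", pgp_is_single_signature(one, sizeof one),
           pgp_is_single_signature(two, sizeof two));
    return 0; }
```

Running the same function in front of every backend gives each of them identical framing rules, which is the consistency the message asks for.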