[Rpm-maint] [rpm-software-management/rpm] Require creation time to be unique and hashed (PR #1912)

Panu Matilainen notifications at github.com
Tue Feb 22 11:07:39 UTC 2022


@pmatilai commented on this pull request.



>  	    impl = *p;
-	    if (!(_digp->saved & PGPDIG_SAVED_TIME) &&
-		(sigtype == PGPSIGTYPE_POSITIVE_CERT || sigtype == PGPSIGTYPE_BINARY || sigtype == PGPSIGTYPE_TEXT || sigtype == PGPSIGTYPE_STANDALONE))

> You don't implement TLS, you don't implement XZ, RSA, EdDSA. Why would you even think that it is okay to implement OpenPGP?

Rpm implements its own because there hasn't been any library it could use, language, licenses and all considered. Back in the day, rpm called out to gpg to verify, but when it started verifying signatures on rpmdb queries that became a performance bottleneck. I presume, because this was all well before my time.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1912#discussion_r811829832
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/pull/1912/review/889634804 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220222/a3aed2a8/attachment.html>


More information about the Rpm-maint mailing list