[Rpm-maint] [rpm-software-management/rpm] Ignore subkeys that are expired or cannot be used for signing (Issue #1911)

Demi Marie Obenour notifications at github.com
Thu Feb 24 15:58:58 UTC 2022


> The sanest thing for rpm to do would be dropping support for subkeys because that opens up all manner of complications that just don't exist with primary keys. When subkey parsing support was added in [355c9b0](https://github.com/rpm-software-management/rpm/commit/355c9b069f25d3a9c3dc224fb39a90522c04ca28), I doubt the complexities were considered at all.

That isn’t an option because it would break packages used in the wild, sadly.  But I can submit a patch that will ignore subkeys that cannot be used for signing.

> The other thing to keep in mind wrt rpm key support is that rpm's imported == trusted key model means that you only feed very curated material into rpm. It doesn't generally need to handle arbitrary key data off the net, like a general purpose OpenPGP implementation does.

My assumption is that `gpg --export --armor -o key.asc -- fingerprint-of-trusted-key && rpmkeys --import key.asc` should be safe.  That means that RPM needs to at least safely ignore third-party certifications and direct-key signatures, as well as subkeys that cannot be used for signing.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1911#issuecomment-1050004541

Message ID: <rpm-software-management/rpm/issues/1911/1050004541 at github.com>
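An added example, not part of the original message and not rpm's code: one way to decide from an RFC 4880 hashed subpacket area whether a subkey should be ignored for signing, using the Key Flags (type 27) and Key Expiration Time (type 9) subpackets. The function name, return convention and sample bytes are hypothetical; it assumes the area comes from an already verified v4 subkey binding signature and, as a policy assumption, treats a missing Key Flags subpacket as "cannot sign".

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* RFC 4880 signature subpacket types and the "may sign data" key flag */
enum { SUBPKT_KEY_EXPIRATION = 9, SUBPKT_KEY_FLAGS = 27, KEY_FLAG_SIGN = 0x02 };

/* Constructed hashed-subpacket areas (not taken from any real key) */
static const uint8_t enc_only[]  = { 0x02, 27, 0x0C };
static const uint8_t sign_1day[] = { 0x02, 27, 0x02, 0x05, 9, 0x00, 0x01, 0x51, 0x80 };
static const uint8_t truncated[] = { 0x05, 9, 0x00 };

/* Hypothetical helper: 1 = subkey may sign and is unexpired at `now`,
 * 0 = ignore the subkey, -1 = malformed subpacket area. */
int subkey_usable_for_signing(const uint8_t *p, size_t n,
                              uint32_t created, uint32_t now)
{
    int can_sign = 0;                       /* assumption: no flags => no signing */
    uint32_t valid_for = 0;                 /* 0 means no expiration */

    while (n > 0) {
        size_t hdr, len;                    /* len = type octet + body */
        if (p[0] < 192) { hdr = 1; len = p[0]; }
        else if (p[0] < 255) {
            if (n < 2) return -1;
            hdr = 2; len = ((size_t)(p[0] - 192) << 8) + p[1] + 192;
        } else {
            if (n < 5) return -1;
            hdr = 5; len = ((size_t)p[1] << 24) | ((size_t)p[2] << 16) | ((size_t)p[3] << 8) | p[4];
        }
        if (len == 0 || len > n - hdr) return -1;   /* body would overrun the area */
        const uint8_t *body = p + hdr + 1;
        switch (p[hdr] & 0x7f) {            /* drop the critical bit */
        case SUBPKT_KEY_FLAGS:
            can_sign = len > 1 && (body[0] & KEY_FLAG_SIGN);
            break;
        case SUBPKT_KEY_EXPIRATION:         /* seconds after key creation */
            if (len != 5) return -1;
            valid_for = ((uint32_t)body[0] << 24) | ((uint32_t)body[1] << 16) | ((uint32_t)body[2] << 8) | body[3];
            break;
        }
        p += hdr + len; n -= hdr + len;
    }
    if (valid_for && (uint64_t)created + valid_for <= now) return 0;
    return can_sign;
}

int main(void) {
    printf("%d\n", subkey_usable_for_signing(sign_1day, sizeof sign_1day, 1000, 2000));
    return 0;
}
```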