[Rpm-maint] [rpm-software-management/rpm] Ignore subkeys that cannot sign (PR #1938)
Panu Matilainen
notifications at github.com
Mon Feb 28 07:37:13 UTC 2022
Moving this here where it belongs:
> I consider https://github.com/rpm-software-management/rpm/pull/1938 to be critical; there is likely a real-world attack based on it in certain scenarios.
How do you envision any of these subkey scenarios to be exploited, on a broad level?
Again, considering that these keys would be explicitly imported by the admin.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1938#issuecomment-1053971231