[Rpm-maint] [rpm-software-management/rpm] Ignore subkeys that cannot sign (PR #1938)

Panu Matilainen notifications at github.com
Mon Feb 28 07:37:13 UTC 2022


Moving this here where it belongs:

> I consider https://github.com/rpm-software-management/rpm/pull/1938 to be critical; there is likely a real-world attack based on it in certain scenarios.

How do you envision any of these subkey scenarios to be exploited, on a broad level? 
Again, considering that these keys would be explicitly imported by the admin. 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1938#issuecomment-1053971231

Message ID: <rpm-software-management/rpm/pull/1938/c1053971231 at github.com>