[Rpm-maint] [rpm-software-management/rpm] Ignore subkeys that cannot sign (PR #1938)

Demi Marie Obenour notifications at github.com
Mon Feb 28 17:49:48 UTC 2022


Given the situation that @teythoon has established occurs in practice, I can see several ways an attack could happen.  The simplest is if the encryption subkey is treated as less sensitive than the primary key.  For instance, the signing subkey might be on a smart card, while the primary key is not.  If the primary key is leaked (e.g. to a backup) it would allow signing arbitrary packages, which should not be possible.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1938#issuecomment-1054510093

Message ID: <rpm-software-management/rpm/pull/1938/c1054510093 at github.com>
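
Added example, not part of the original message and not rpm's own code: one way a verifier can refuse an encryption-only subkey, assuming capability is read from the Key Flags subpacket (type 27, RFC 4880) in the hashed area of the subkey binding signature. The function names and sample bytes are constructed for illustration, and treating a missing Key Flags subpacket as "cannot sign" is this example's own policy choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SUBPKT_KEY_FLAGS 27   /* RFC 4880, section 5.2.3.21 */
#define KEY_FLAG_SIGN    0x02 /* "may be used to sign data" */

/* Decode a subpacket length (RFC 4880, 5.2.3.1); returns octets used, 0 if truncated. */
static size_t subpkt_len(const uint8_t *p, size_t avail, size_t *len)
{
    if (avail >= 1 && p[0] < 192) { *len = p[0]; return 1; }
    if (avail >= 2 && p[0] < 255) { *len = ((size_t)(p[0] - 192) << 8) + p[1] + 192; return 2; }
    if (avail >= 5 && p[0] == 255) {
        *len = ((size_t)p[1] << 24) | ((size_t)p[2] << 16) | ((size_t)p[3] << 8) | p[4];
        return 5;
    }
    return 0;
}

/* 1: Key Flags present with the signing bit; 0: no signing bit or no Key Flags;
 * -1: malformed area. If Key Flags appears more than once, the last one wins. */
int subkey_can_sign(const uint8_t *area, size_t area_len)
{
    size_t off = 0;
    int result = 0;
    while (off < area_len) {
        size_t len = 0;
        size_t n = subpkt_len(area + off, area_len - off, &len);
        if (n == 0 || len == 0 || len > area_len - off - n)
            return -1;                       /* truncated or overlong subpacket */
        off += n;                            /* area[off] is now the type octet */
        if ((area[off] & 0x7f) == SUBPKT_KEY_FLAGS)  /* high bit is the critical flag */
            result = (len >= 2 && (area[off + 1] & KEY_FLAG_SIGN)) ? 1 : 0;
        off += len;                          /* len counts the type octet too */
    }
    return result;
}

/* Constructed hashed areas: creation time (type 2) followed by Key Flags (type 27). */
static const uint8_t ENC_ONLY[]  = { 0x05, 0x02, 0x62, 0x1d, 0x0b, 0x2c, 0x02, 0x1b, 0x0c };
static const uint8_t SIGNING[]   = { 0x05, 0x02, 0x62, 0x1d, 0x0b, 0x2c, 0x02, 0x1b, 0x02 };
static const uint8_t TRUNCATED[] = { 0x05, 0x02, 0x62 };

int main(void)
{
    printf("enc-only=%d signing=%d truncated=%d\n", subkey_can_sign(ENC_ONLY, sizeof ENC_ONLY),
           subkey_can_sign(SIGNING, sizeof SIGNING), subkey_can_sign(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```

A verifier would call such a check on each subkey's binding signature and skip any subkey for which it does not return 1 before attempting package signature verification.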