[Rpm-maint] [rpm-software-management/rpm] Ignore most unhashed subpackets in OpenPGP signatures (Issue #1886)
Demi Marie Obenour
notifications at github.com
Mon Jan 17 12:20:56 UTC 2022
Unhashed subpackets are not covered by the signature, so they can be set to anything. Therefore, it is only safe to process subpackets that restrict the validity of the signature. I recommend going further and ignoring everything except for primary key binding signatures, key ID subpackets, and fingerprint subpackets.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1886
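An allowlist filter of the kind the message above recommends, as an added example that is not rpm's code and not from the issue's author. The function names, the v4-only fingerprint length check and the sample bytes are assumptions constructed for illustration; subpacket framing and type numbers follow RFC 4880.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Subpacket types and the signature type for primary key binding (RFC 4880). */
enum { SUB_ISSUER_KEYID = 16, SUB_EMBEDDED_SIG = 32, SUB_ISSUER_FPR = 33 };
enum { SIGTYPE_PRIMARY_KEY_BINDING = 0x19 };

/* Allowlist for one unhashed subpacket; body excludes the type octet.
 * For an embedded signature, body[0] is its version and body[1] its type. */
static int unhashed_allowed(uint8_t type, const uint8_t *body, size_t len)
{
    switch (type) {
    case SUB_ISSUER_KEYID: return len == 8;
    case SUB_ISSUER_FPR:   return len == 21 && body[0] == 4; /* v4 keys only */
    case SUB_EMBEDDED_SIG: return len >= 2 && body[1] == SIGTYPE_PRIMARY_KEY_BINDING;
    default:               return 0; /* everything else is ignored */
    }
}

/* Walk an unhashed area. Returns the accepted count, or -1 if malformed. */
int filter_unhashed(const uint8_t *p, size_t n, int *ignored)
{
    int accepted = 0;
    *ignored = 0;
    while (n > 0) {
        size_t len, hdr;
        if (p[0] < 192) { len = p[0]; hdr = 1; }
        else if (p[0] < 255) { hdr = 2; if (n < hdr) return -1;
            len = ((size_t)(p[0] - 192) << 8) + p[1] + 192; }
        else { hdr = 5; if (n < hdr) return -1;
            len = ((size_t)p[1] << 24) | ((size_t)p[2] << 16) | ((size_t)p[3] << 8) | p[4]; }
        if (len == 0 || len > n - hdr) return -1; /* length covers type octet */
        if (unhashed_allowed(p[hdr] & 0x7f, p + hdr + 1, len - 1)) accepted++;
        else (*ignored)++;
        p += hdr + len; n -= hdr + len;
    }
    return accepted;
}

/* Constructed sample area (not taken from a real signature). */
static const uint8_t SAMPLE[] = {
    0x09, 0x10, 1, 2, 3, 4, 5, 6, 7, 8,   /* type 16 issuer key ID: accepted */
    0x05, 0x02, 0x61, 0xe5, 0x5e, 0x00,   /* type 2 creation time: ignored */
    0x03, 0x20, 0x04, 0x19 };             /* type 32, truncated v4 0x19 sig: accepted */

int main(void)
{
    int ignored, ok = filter_unhashed(SAMPLE, sizeof SAMPLE, &ignored);
    printf("accepted=%d ignored=%d\n", ok, ignored);
    return 0;
}
```

Passing the allowlist only selects what may be looked at: an accepted embedded signature still has to be verified on its own, and an unhashed issuer value is only a hint for key lookup.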