[Rpm-maint] [rpm-software-management/rpm] Fingerprint subpacket parsing support (#1728)
Demi Marie Obenour
notifications at github.com
Wed Mar 2 11:33:44 UTC 2022
> > So this seems to imply that the signer is buggy.
>
> Issuer information in signatures are hints authenticated by the key resulting from that lookup actually verifying the signature. The RFC is very explicit in that regard. I don't know what else to add.
Does that mean that the “does the key ID in the signature match the key ID of the key” check that RPM does already is incorrect?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1728#issuecomment-1056828159
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/1728/c1056828159 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220302/b2cbf6b6/attachment.html>
More information about the Rpm-maint
mailing list