[Rpm-maint] [rpm-software-management/rpm] Disable support for OpenPGP subkeys? (Issue #1955)

Panu Matilainen notifications at github.com
Mon Mar 14 11:33:09 UTC 2022


It's become painfully clear that the subkey support added in rpm 4.13 was naively innocent and lacking any of the necessary validation and computations it takes to meaningfully utilize PGP subkeys, and has opened a whole can of security worms that simply do not exist with primary keys only. Keeping this feature afloat does not seem anywhere near worth the trouble to me. 

Consider this a poll of a kind: no doubt there are some users relying on the feature, but are there *major* users? While we're relying on our own OpenPGP parser, that is.



-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1955