[Rpm-maint] [rpm-software-management/rpm] Ignore subkeys that are expired or cannot be used for signing (Issue #1911)
nwalfield
notifications at github.com
Tue Mar 29 12:59:15 UTC 2022
> A better way is to look at the creation time of the signature you want to verify, then ask the question whether the certificate and its signing subkeys are valid at that point in time.
FWIW, this is the policy that I chose in the Sequoia backend for rpm. [The signature is check at the current time](https://gitlab.com/sequoia-pgp/rpm-sequoia/-/blob/bf085711/src/lib.rs#L438-445). And [a view of the certificate is create as of the signature's time](https://gitlab.com/sequoia-pgp/rpm-sequoia/-/blob/bf085711/src/lib.rs#L455).
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1911#issuecomment-1081839877
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/1911/1081839877 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20220329/edd05a22/attachment.html>
More information about the Rpm-maint
mailing list