[Rpm-maint] [rpm-software-management/rpm] Give error message for failed PGP key import (PR #2097)

Michal Domonkos notifications at github.com
Mon Sep 19 12:54:16 UTC 2022


Why are we even talking about rejecting such keys/signatures in RPM here? Isn't this supposed to be handled by the backend in use? IIUC, verification simply fails in the OpenSSL code if SHA-1 is used in FIPS mode, so all we need is to make it clear *why* that is to the user, don't we?

Or is the concern that, as @nwalfield mentioned, some keys (including RH's own) may contain multiple signatures, some of which use SHA-1, for which we'd always print the warning? If that's the case, maybe we could detect we're running in FIPS mode and only print the message there, even though that already sounds like an ugly hack. But IIRC, there's a similar check in DNF...

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2097#issuecomment-1250981165

Message ID: <rpm-software-management/rpm/pull/2097/c1250981165 at github.com>
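The question above is which signatures on a key actually use SHA-1 and whether the host is in FIPS mode. As an added illustration (not code from the PR or from rpm), here is a minimal OpenPGP packet walker that lists the hash algorithm of every v4 signature packet in a key blob and reads the Linux kernel FIPS flag; the key bytes are constructed, and the assumption is that `/proc/sys/crypto/fips_enabled` is what "FIPS mode" refers to here.

```python
SHA1 = 2            # OpenPGP hash algorithm id for SHA-1 (RFC 4880 section 9.4)
SIGNATURE_TAG = 2   # packet tag for a Signature packet
HASH_NAMES = {1: "MD5", 2: "SHA1", 8: "SHA256", 9: "SHA384", 10: "SHA512"}

def iter_packets(data: bytes):
    """Yield (tag, body) for each OpenPGP packet; handles old- and new-format
    headers (RFC 4880 section 4.2), not partial or indeterminate lengths."""
    i = 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                          # new-format header
            tag, first = ctb & 0x3F, data[i + 1]
            if first < 192:
                length, hdr = first, 2
            elif first < 224:
                length, hdr = ((first - 192) << 8) + data[i + 2] + 192, 3
            elif first == 255:
                length, hdr = int.from_bytes(data[i + 2:i + 6], "big"), 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                   # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = 1 << ltype                      # 1, 2 or 4 length octets
            length, hdr = int.from_bytes(data[i + 1:i + 1 + n], "big"), 1 + n
        yield tag, data[i + hdr:i + hdr + length]
        i += hdr + length

def signature_hash_algos(key: bytes):
    """Hash algorithm id of each v4 signature packet, in key order.
    v4 signature body starts: version, sig type, pubkey alg, hash alg."""
    return [body[3] for tag, body in iter_packets(key)
            if tag == SIGNATURE_TAG and len(body) >= 4 and body[0] == 4]

def sha1_signatures(key: bytes):
    """Only the signatures that would fail under a SHA-1-rejecting backend."""
    return [HASH_NAMES.get(a, str(a)) for a in signature_hash_algos(key) if a == SHA1]

def fips_enabled(path="/proc/sys/crypto/fips_enabled"):
    """Kernel FIPS flag; missing file (non-Linux, container) counts as off."""
    try:
        with open(path) as f:
            return f.read().strip() == "1"
    except OSError:
        return False

# Constructed sample: an old-format and a new-format signature packet, one
# binding with SHA-1 (hash alg 2) and one with SHA-256 (hash alg 8).
SAMPLE_KEY = (bytes([0x88, 4]) + b"\x04\x13\x01\x02"
              + bytes([0xC2, 4]) + b"\x04\x13\x01\x08")
```

On a real key, `signature_hash_algos` will also return entries for third-party certifications, which is exactly why a blanket "contains SHA-1" warning fires on keys that still verify fine.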

