[Rpm-maint] [rpm-software-management/rpm] PGP key identifiers use binding signature's creation time, not certificate creation time (Issue #2004)
Michael Schroeder
notifications at github.com
Mon Apr 8 07:47:14 UTC 2024
You can't trust keys.openpgp.org to only return key material for the query, so you need to check the returned data to make sure it doesn't contain an extra pubkey.
It would be safe if rpmkeys had a `--freshen` option that makes sure no new pubkeys are imported.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2004#issuecomment-2042078749
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/2004/2042078749 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20240408/e3caaf49/attachment.html>
More information about the Rpm-maint
mailing list