[Rpm-maint] [rpm-software-management/rpm] rpm 4.20.0 alpha fallout #1 : urpmi --no-verify is broken by rpm checking on its own (Issue #3142)

Panu Matilainen notifications at github.com
Fri Jun 7 08:01:37 UTC 2024


Oh, no disagreement there. This is a case where basically everybody got caught with their pants down: in the 20+ years of rpm's existence nobody gave much thought to expiry and all that, but then in recent years (even before sequoia) people started running into their ancient SHA1 based keys suddenly stopping to work and then disabling SHA1 got postponed and postponed and postponed, and then rpm-sequoia was introduced and pushing those people more strongly to update their signing systems. And when those parties finally updated their keys we realize there's no mechanism for them to update those keys at all. :see_no_evil: 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3142#issuecomment-2154305215
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/3142/2154305215 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20240607/2f048a55/attachment.html>


More information about the Rpm-maint mailing list