[Rpm-maint] [rpm-software-management/rpm] RFE: add support for multiple OpenPGP signatures per package (Issue #3385)

Simo Sorce notifications at github.com
Wed Nov 6 16:54:46 UTC 2024


@Conan-Kudo the simplest policy is that signatures must all verify (why would you put multiple of them otherwise?).

The tricky part is how to handle signatures you do not understand, and I think the simplest policy, again, is to ignore those.

Note, I am not saying you should ignore signatures for which you do not have a public key, only signatures you do not have code for.

For sig where you do not have a key you need to get a key, just like for the one-sig case.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3385#issuecomment-2460302647
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/3385/2460302647 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20241106/5df03c1d/attachment.html>


More information about the Rpm-maint mailing list