[Rpm-maint] [rpm-software-management/rpm] RFE: add support for multiple OpenPGP signatures per package (Issue #3385)
Neal Gompa (ニール・ゴンパ)
notifications at github.com
Wed Nov 6 18:38:02 UTC 2024
> @Conan-Kudo the simplest policy is that signatures must all verify (why would you put multiple of them otherwise?).
>
Multiple signatures aren't necessarily for users installing to process, so it would make sense to ignore them in that case. For example, the signatures may be used to indicate something passed through certain stages. You may have a policy to validate them all, but it may not actually be a required policy. Some signatures may only be for some systems to validate but not others.
I can think of a variety of reasons for it. But regardless, I think it does make sense to have some way to indicate a primary/key signature to validate.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3385#issuecomment-2460508781
Message ID: <rpm-software-management/rpm/issues/3385/2460508781 at github.com>