[Rpm-maint] [rpm-software-management/rpm] Add support for multiple signatures per package, aka v6 signatures (PR #3439)
Florian Festi
notifications at github.com
Tue Nov 19 12:30:34 UTC 2024
> On verification, if RPMTAG_OPENPGP exists then other signature tags are
ignored because they're expected to only contain compat copies of the
same content.
For some reason this feels very wrong to me. I can't conjure up am attack vector for this. But it makes me uneasy.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3439#issuecomment-2485573534
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/3439/c2485573534 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20241119/afbcada0/attachment.htm>
More information about the Rpm-maint
mailing list