[Rpm-maint] [rpm-software-management/rpm] Add support for multiple signatures per package, aka v6 signatures (PR #3439)

Florian Festi notifications at github.com
Tue Nov 19 12:30:34 UTC 2024


> On verification, if RPMTAG_OPENPGP exists then other signature tags are
> ignored because they're expected to only contain compat copies of the
> same content.

For some reason this feels very wrong to me. I can't conjure up an attack vector for this. But it makes me uneasy.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3439#issuecomment-2485573534

Message ID: <rpm-software-management/rpm/pull/3439/c2485573534 at github.com>