[Rpm-maint] [rpm-software-management/rpm] Ensure unique tags in signature header (#1570)

Panu Matilainen notifications at github.com
Wed Nov 20 11:46:52 UTC 2024


Hmm. Any old rpm version, not to mention all the 3rd party signing servers out there, can merrily add v3 signatures to a v6 package. It doesn't *break* the package, technically, so erroring out seems like a pretty drastic thing to do. But then it does break our assumptions about 999 being the last tag in signature.

At the very least we should just ignore any tags over 999 in v6 signature headers, and certainly not merge them on package read. And I guess, explicitly delete any tags over 999 from v6 packages during signing, because that's where we care about it more.

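An added example, not part of the original message and not rpm's own code: a sketch of the read-side check suggested above, which walks the index of a signature header blob, separates entries with tags over 999, and reports duplicated tags. It assumes the standard rpm header layout (8-byte magic and reserved area, big-endian entry count and data size, then 16-byte index entries); the function names and the sample tag numbers are constructed for illustration.

```python
import struct
from collections import Counter

HEADER_MAGIC = b"\x8e\xad\xe8\x01"  # rpm header magic plus version byte
MAX_V6_SIG_TAG = 999                # cutoff taken from the message above


def parse_index(blob):
    """Return the (tag, type, offset, count) index entries of one header blob."""
    if len(blob) < 16 or blob[:4] != HEADER_MAGIC:
        raise ValueError("not an rpm header")
    nindex, hsize = struct.unpack(">II", blob[8:16])
    # Bounds check before trusting the attacker-controllable entry count.
    if len(blob) < 16 + 16 * nindex + hsize:
        raise ValueError("truncated header")
    return [struct.unpack(">IIII", blob[16 + 16 * i:32 + 16 * i])
            for i in range(nindex)]


def audit_v6_sigheader(blob):
    """Split index entries into kept and ignored, and list duplicated tags."""
    entries = parse_index(blob)
    counts = Counter(tag for tag, _, _, _ in entries)
    duplicates = sorted(tag for tag, n in counts.items() if n > 1)
    kept = [e for e in entries if e[0] <= MAX_V6_SIG_TAG]
    ignored = [e for e in entries if e[0] > MAX_V6_SIG_TAG]
    return kept, ignored, duplicates


def build_header(tags):
    """Constructed sample input: one 4-byte INT32 value (type 4) per tag."""
    index = b"".join(struct.pack(">IIII", tag, 4, 4 * i, 1)
                     for i, tag in enumerate(tags))
    data = b"\x00" * (4 * len(tags))
    return (HEADER_MAGIC + b"\x00" * 4
            + struct.pack(">II", len(tags), len(data)) + index + data)


if __name__ == "__main__":
    # Constructed tag numbers: two in range, one repeated, one over 999.
    kept, ignored, duplicates = audit_v6_sigheader(
        build_header([100, 200, 200, 1002]))
    print("kept tags:   ", [e[0] for e in kept])
    print("ignored tags:", [e[0] for e in ignored])
    print("duplicates:  ", duplicates)
```

In a package file the signature header follows the 96-byte lead, so a caller would pass the bytes starting at that offset.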