[Rpm-maint] [rpm-software-management/rpm] RFE: add support for multiple OpenPGP signatures per package (Issue #3385)

Jan Zerebecki notifications at github.com
Thu Oct 17 13:13:36 UTC 2024


Why do you want to keep the signature in the package in v6 instead of moving it into another file?

That excludes any functionality where unrelated parties offer attestations of the package. For embedding their signature now they all need to coordinate. Then how do they deal with one of them possibly trying to prevent another from including their signature?

It also makes the file non-reproducible.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3385#issuecomment-2419513858
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/3385/2419513858 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20241017/a2927819/attachment.html>


More information about the Rpm-maint mailing list