> On Mar 28, 2018, at 8:00 PM, Burhan Wani (burwani) <burw...@cisco.com> wrote:
> 
> Hello,
> I wanted to know why the dual signing feature was removed from rpm 4.2 onwards.
> Is there a security risk to using rpm dual signing? What would be the best
> way to implement dual signing in rpm?
>  

rpm has never supported "dual signing" if you mean signing with 2 different 
keys.
While there were ways to sign twice, with different algorithms, which ended up
in different tags, only one of those signatures was ever verified.

It doesn't make much sense to have multiple signatures; you are better off
using a longer key or hash.

What exactly is "dual signing" to you?

73 de Jeff
>  
> Regards,
> Burhan Wani 
>  
> _______________________________________________
> Rpm-maint mailing list
> Rpm-maint@lists.rpm.org
> http://lists.rpm.org/mailman/listinfo/rpm-maint