> actual interaction with the rest of rpm
What about adding configure-time option, say, --enable-enforced-signatures? If
configured and compiled with this one, RPM should refuse to install the package
if no signature at all or (sub)key(s) has been revoked or expired. This may be
useful for the distributions where paranoid security checks are essential.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1598#issuecomment-808720083
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
