@pmatilai commented on this pull request.


> +     if (sigalg->setmpi(sigalg, i, p))
+           break;
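
Review bot: the `break` taken when `sigalg->setmpi(sigalg, i, p)` returns non-zero leaves the loop early without recording why, and nothing in these two lines marks the result as a failure. Make sure the code after the loop treats an early exit as a parse error, for example by checking that `i` reached the expected count, so that a partially populated `sigalg` is never used for verification.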

I don't really even disagree - *optimally* we should check for it someplace. 
It's just that the check doesn't really fit anywhere nicely and meanwhile 
arguing over a relatively petty issue is just delaying getting the silly CVE 
fixed. Silly, because if you get an admin to import a key file you have access 
to, you don't need to pull off stunts like fiddling with subkey binding 
signatures.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1795#discussion_r729015479