@DemiMarie commented on this pull request.
> + if (sigalg->setmpi(sigalg, i, p))
+ break;
What if I made a good quality PR that fixed the problem, either directly or on
to your branch? #1705 got NAK’d on the grounds that it added “another struct
pgpDigParams direct access when we're trying to eliminate those.” I can
instead add a proper accessor function (is pgpDigParamsSigType okay?) and use
it.
> Silly, because if you get an admin to import a key file you have access to,
> you don't need to pull off stunts like fiddle with subkey binding signatures.
The main worry is if someone does something like:
```
$ gpg --export 'some trusted fingerprint'
```
and their `/usr/bin/gpg` doesn’t bother to check subkey binding signatures when
exporting.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1795#discussion_r729033785
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint