As I understand it `NOTTRUSTED` means that we've verified the signature, but it
uses e.g. a weak algorithm and hence cannot be fully relied upon. These
signatures and keys are out of spec and although Sequoia detects them, it does
not correct them. As such it is non-trivial to check the signatures in which
case `NOTTRUSTED` does not seem appropriate.
Or am I misunderstanding the semantics of `NOTTRUSTED`?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2351#issuecomment-1838043889