Key IDs (even long ones) can have collisions - especially when an attacker
tries to generate them on purpose. The right behavior is to try all keys with
matching key IDs and see if one is able to verify the signature.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3334
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/[email protected]>
_______________________________________________
Rpm-maint mailing list
[email protected]
http://lists.rpm.org/mailman/listinfo/rpm-maint
