Why do you want to keep the signature in the package in v6 instead of moving it 
into another file?

That excludes any functionality where unrelated parties offer attestations of 
the package. For embedding their signature now they all need to coordinate. 
Then how do they deal with one of them possibly trying to prevent another from 
including their signature?

It also makes the file non-reproducible.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3385#issuecomment-2419513858