@JanZerebecki sorry but I do not understand your objection, any vendor can
--addsign and add a new signature w/o problems ...
The signatures themselves are not covered, they only sign the payload, so
reproducibility is not an issue.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3385#issuecomment-2419527835
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/3385/[email protected]>
_______________________________________________
Rpm-maint mailing list
[email protected]
http://lists.rpm.org/mailman/listinfo/rpm-maint
