@nwalfield commented on this pull request.
>
- if (replace) {
- rasprintf(&tmppath, "%s.new", path);
- unlink(tmppath);
+ rc = write_key_to_disk(key, dirstr, keyfmt, replace, flags);
+
+ if (!rc && replace) {
+ /* find and delete the old pubkey entry */
I'm a bit concerned about this. OpenPGP certificates are mostly append-only
data structures. To understand why, imagine that the certificate is revoked,
and the revocation certificate is stored locally. Then some process comes
along and updates the certificates, but it doesn't have the revocation
certificate for some reason. The revocation certificate will now be deleted,
and rpm may start relying on the revoked certificate again.
So, from my perspective, the correct thing to do here is to merge the existing
data with the new data.
Can you explain your thought process here and what you are trying to accomplish?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3437#pullrequestreview-2423810811
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/3437/review/[email protected]>_______________________________________________
Rpm-maint mailing list
[email protected]
http://lists.rpm.org/mailman/listinfo/rpm-maint
