> On verification, if RPMTAG_OPENPGP exists then other signature tags are
> ignored because they're expected to only contain compat copies of the
> same content.

For some reason this feels very wrong to me. I can't conjure up an attack
vector for this. But it makes me uneasy.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3439#issuecomment-2485573534