Well, the only thing somebody can achieve by messing with the signatures is not
achieving a positive verification really.
In my initial version it read all the tags but then you'd need to weed out
exact duplicates and somehow manage the resulting NOTFOUND spew. It gets ugly
and complicated for no gain at all.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3439#issuecomment-2485622443
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/3439/[email protected]>
_______________________________________________
Rpm-maint mailing list
[email protected]
https://lists.rpm.org/mailman/listinfo/rpm-maint
