I know what malleability means; what makes no sense to me is your claim, out of
the blue, that the official way to release PGP signatures in printable form is
somehow vulnerable to confounding attacks, and how they would be relevant here.
If the signature validates, it is a valid signature, and there is no fudging with
the ASCII text that will make it more or less so.
I am aware of no relevant issues with armored files. Do you have any published
analysis that supports your stance and would show it being relevant to the RPM
situation?
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/3385#issuecomment-2511531579