@DemiMarie pushed 1 commit.
0bd36c11c2e5d9ec1a9f79a30db29ba909cf6e7e Header signatures alone are not
sufficient
--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1672/files/996644d28592e1f88d0dfadd46e4fa
@ffesti ping
This fixes how RPM handles packages that contain a header signature, but
neither header+payload signature nor payload digests. Such packages are
obviously not properly signed, but RPM previously accepted them.
This could be used to confuse both ‘rpmkeys -K’ and DNF. Both would
report that the pa