Closed #183.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/183#event-1017880476___
Rpm-maint mailing list
We've had that for almost three years now so don't bother.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
The signature header contains (optional) information to verify package
integrity.
So new tags are added when packages are signed, and a new signature header is
created and inserted into a *.rpm package file.
However, the insertion forces a rewrite of the metadata header and payload,
which for
RPM package files can include public keys in the metadata header.
So in principle, a package can include the public key used to sign a package
and verify the package signature when reading package headers. The
RPMTAG_PUBKEYS array is also within the signed immutable region and cannot be