Good riddance: Ptooey!
There is one last improvement that might be attempted.
RPM invokes gpg to sign plaintext blobs from packaging.
Because of the handoff to a gpg helper, it is possible for a signature to be
undertaken on a digest (like MD2/RIPEMD, etc.) that the rpm internal gpg
signature verification does not implement.
RPM will of course fail to verify a signature on an unimplemented digest
algorithm. The problem that remains is that the error happens too late to be
usefully informative.
The better implementation in rpm would be to check for supported/implemented
digests when the signature is returned from the gpg helper in order to provide
immediately useful error messages to the package signer.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/commit/ff4b9111aeba01dd025dd133ce617fb80f7398a0#commitcomment-29504410
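The early check proposed in the comment above, sketched as an added example (not rpm's code and not part of the original message): read the hash algorithm ID from the OpenPGP signature packet the helper returns and reject it at signing time if the verifier has no implementation for it. The function names, the supported-digest list and the sample packet bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum sig_check { SIG_OK = 0, SIG_MALFORMED, SIG_DIGEST_UNSUPPORTED };
/* Assumption: OpenPGP hash IDs (RFC 4880, section 9.4) the verifier implements:
 * MD5, SHA1, SHA256, SHA384, SHA512, SHA224. Not taken from rpm's source. */
static const uint8_t supported_hashes[] = { 1, 2, 8, 9, 10, 11 };

/* Hash algorithm ID from the leading bytes of a signature packet, or -1.
 * The packet length field is skipped, not validated. */
int sig_hash_algo(const uint8_t *p, size_t n)
{
    static const size_t old_hdr_len[] = { 2, 3, 5, 0 };
    size_t hlen;
    if (n < 2 || !(p[0] & 0x80)) return -1;
    if (p[0] & 0x40) {                        /* new-format header */
        if ((p[0] & 0x3f) != 2) return -1;    /* tag 2 = signature */
        hlen = p[1] < 192 ? 2 : p[1] < 224 ? 3 : p[1] == 255 ? 6 : 0;
    } else {                                  /* old-format header */
        if (((p[0] >> 2) & 0x0f) != 2) return -1;
        hlen = old_hdr_len[p[0] & 3];
    }
    if (hlen == 0 || n <= hlen) return -1;
    p += hlen; n -= hlen;
    if (p[0] == 4 && n >= 4) return p[3];     /* v4: version, type, pubkey, hash */
    if (p[0] == 3 && n >= 17 && p[1] == 5) return p[16];  /* v3 layout */
    return -1;
}

/* Hypothetical hook: run as soon as the gpg helper hands back the signature. */
enum sig_check check_sig(const uint8_t *sig, size_t n)
{
    int algo = sig_hash_algo(sig, n);
    if (algo < 0) return SIG_MALFORMED;
    for (size_t i = 0; i < sizeof supported_hashes; i++)
        if (supported_hashes[i] == algo) return SIG_OK;
    fprintf(stderr, "error: signature uses unimplemented digest algorithm %d\n", algo);
    return SIG_DIGEST_UNSUPPORTED;
}

/* Constructed packet prefixes (old-format tag 2, v4, RSA), not real signatures. */
const uint8_t sample_sha256[] = { 0x89, 0x01, 0x33, 0x04, 0x00, 0x01, 0x08 };
const uint8_t sample_ripemd[] = { 0x89, 0x01, 0x33, 0x04, 0x00, 0x01, 0x03 };

int main(void)
{
    printf("sha256=%d ripemd160=%d\n", check_sig(sample_sha256, sizeof sample_sha256),
           check_sig(sample_ripemd, sizeof sample_ripemd));
    return 0;
}
```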