> The fs keyring behavior has potential security problems as it allows any
> package to drop in files at the keyring path, instantly becoming trusted
> keys.

In ALT we are considering using the fs keyring feature. Can you explain how adding a
file is different in security from adding a key into rpmdb by any package?

Theoretically, fs keys (in the future) could be protected by fsverity or IMA,
while rpmdb could not.

> The other issue is that the on-disk and rpmdb variants don't play well
> together, in fact they don't play together at all.

Can you also elaborate on this? Thanks much in advance!


-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1575#issuecomment-922413477
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
