> @mlschroe Sadly, Fedora doesn’t sign its metadata.
We don't need to as we use metalinks. In the metalink is the checksum(s) for
the valid repomd.xml file. If someone tampers with the repodata it will not
match and the client will go on to the next one. But thats likely offtopic for
this issue
I guess that is a no go anyway, looking at commit
67f8f2b01d00f03f2d6c072fb2697d3860abe47b
We will solve it otherwise ...
Closing
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/r
Closed #1505.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1505#event-4215470601___
Rpm-maint mailing list
Rpm-maint@lists.rpm
@pmatilai hi, would it be unrealistic to get back support for Python2? Some of
our tools still use Python2 bindings and install them via `rpm-py-installer`,
but with rpm-4.16 this does not work anymore. So our tools are not installable
nicely with Fedora-33 and Rawhide. This would give us a bit
These patches were needed to get back support for Python2.
This gives users more time to migrate to Python3.
Signed-off-by: Miroslav Vadkerti
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1505
-- Commi
Closed #1504.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1504#event-4214971054___
Rpm-maint mailing list
Rpm-maint@lists.r
The RPM signature header is growing more and more complex, with new types such
as per-file and fsverity signatures being added. This increases the risks of
bugs in its parsing. Since the signature header is not itself signed, these
bugs are critical security vulnerabilities.
I propose that RP
@DemiMarie pushed 0 commits.
--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1502/files/706e7c2e11eecaaab0953eb68618fe2f34aaed99..28e97bacfc011d2304d494f8762d69ed73cde68e
@DemiMarie pushed 1 commit.
706e7c2e11eecaaab0953eb68618fe2f34aaed99 Check that the blob is long enough
for a region
--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1502/files/28e97bacfc011d2304d494f87
@DemiMarie pushed 1 commit.
282ff55d448f85cfdbd94348badea14cd8cac9bb Tag data must have count greater than
zero
--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1496/files/5fb92fa86d7bc03758982b3ce5f357
@DemiMarie pushed 1 commit.
8f0c8600f1bc25dd9b724ee4d4086fc0bf91827c Check that count and data length are
reasonable
--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1492/files/fc4d264682aa89bcd61a941a4
@DemiMarie pushed 1 commit.
4acff44a2f438921445ecb93f7d85e781292f0a3 Reject signatures in immutable headers
--
You are receiving this because you are subscribed to this thread.
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1503/files/c4449c429063108781d4d48c18b08010823
12 matches
Mail list logo