On Aug 26, 2013, at 3:52 PM, Per Øyvind Karlsen wrote:
This fixes a segfault with --verify (IIRC on packages signed with old
signature type).
The bug is discussed at https://qa.mandriva.com/show_bug.cgi?id=64378
No definite consensus were ever achieved in previous discussions about the
correct fix for this bug, but the patch does at least work (tm) ;)
Yep, all very well known.
I suspect the patch is correct in avoiding the segfault,
but not personally looked at a reproducer, and CI test harnesses,
all of which also need to change to achieve coverage testing.
Meanwhile, as long as ROSA/Mandriva choose _NOT_ to
officially support automated hkp:// retrieval, I choose a
similar stance and choose _NOT_ to fix what is likely a bug
officially.
Any distro that wishes to pursue MANDATORY signature checking
and elimination of --nodigests/--nosignatures everywhere in RPM
on an official ROADMAP will have my immediate attention.
Until then: *shrug*
73 de Jeff
--
Regards,
Per Øyvind
rpm-5.4.9-fix-verify-segfault.patch