Currently, `rpm -K` parses the header as well as the signature. If it only parsed the signature, the attack surface would be much smaller, as a far simpler parser could be used.
-- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/issues/1468
_______________________________________________ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint