> @mlschroe Sadly, Fedora doesn’t sign its metadata.
We don't need to as we use metalinks. In the metalink is the checksum(s) for
the valid repomd.xml file. If someone tampers with the repodata it will not
match and the client will go on to the next one. But that's likely off-topic for
this
I guess that is a no go anyway, looking at commit
67f8f2b01d00f03f2d6c072fb2697d3860abe47b
We will solve it otherwise ...
Closing
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
Closed #1505.
https://github.com/rpm-software-management/rpm/pull/1505#event-4215470601
@pmatilai hi, would it be unrealistic to get back support for Python2? Some of
our tools still use Python2 bindings and install them via `rpm-py-installer`,
but with rpm-4.16 this does not work anymore. So our tools are not installable
nicely with Fedora-33 and Rawhide. This would give us a bit
Closed #1504.
https://github.com/rpm-software-management/rpm/issues/1504#event-4214971054
The RPM signature header is growing more and more complex, with new types such
as per-file and fsverity signatures being added. This increases the risks of
bugs in its parsing. Since the signature header is not itself signed, these
bugs are critical security vulnerabilities.
I propose that
@DemiMarie pushed 0 commits.
View it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1502/files/706e7c2e11eecaaab0953eb68618fe2f34aaed99..28e97bacfc011d2304d494f8762d69ed73cde68e
@DemiMarie pushed 1 commit.
706e7c2e11eecaaab0953eb68618fe2f34aaed99 Check that the blob is long enough
for a region
@DemiMarie pushed 1 commit.
282ff55d448f85cfdbd94348badea14cd8cac9bb Tag data must have count greater than
zero
@DemiMarie pushed 1 commit.
8f0c8600f1bc25dd9b724ee4d4086fc0bf91827c Check that count and data length are
reasonable
@DemiMarie pushed 1 commit.
4acff44a2f438921445ecb93f7d85e781292f0a3 Reject signatures in immutable headers