Re: [Rpm-maint] [rpm-software-management/rpm] Reject signatures outside of signature header (#1503)

2021-03-13 Thread Demi Marie Obenour
Closed #1503. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/1503#event-4453732610

Re: [Rpm-maint] [rpm-software-management/rpm] Reject signatures outside of signature header (#1503)

2021-02-12 Thread Demi Marie Obenour
I pushed a patch that only rejects known signatures in the main header. That’s enough to resolve my worries. @pmatilai is it enough for you?

Re: [Rpm-maint] [rpm-software-management/rpm] Reject signatures outside of signature header (#1503)

2021-02-12 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 451c5b50a54cc93d901461a56bdeb9b50582b017 Reject signatures outside of signature header

Re: [Rpm-maint] [rpm-software-management/rpm] Reject signatures outside of signature header (#1503)

2021-02-12 Thread Demi Marie Obenour
> > What are these consequences?
>
> I don't have a crystal ball. In the submitted form, this PR slams the door on any and all developments where one might want to use the lower tag region for some new special purposes, forever. With a file format that has lifespan of multiple decades,

Re: [Rpm-maint] [rpm-software-management/rpm] Reject signatures outside of signature header (#1503)

2021-02-12 Thread Panu Matilainen
> What are these consequences?

I don't have a crystal ball. In the submitted form, this PR slams the door on any and all developments where one might want to use the lower tag region for some new special purposes, forever. With a file format that has lifespan of multiple decades, that'd be an

Re: [Rpm-maint] [rpm-software-management/rpm] Reject signatures outside of signature header (#1503)

2021-02-09 Thread Demi Marie Obenour
> I'm not very fond of the idea of banning tags based on their numbers, such a thing might have far-fetched, unwanted consequences. At any rate, the range here is too wide, the signature range is from HEADER_SIGBASE to HEADER_TAGBASE-1.

What are these consequences?

> I think I'd rather

Re: [Rpm-maint] [rpm-software-management/rpm] Reject signatures outside of signature header (#1503)

2021-02-09 Thread Panu Matilainen
I'm not very fond of the idea of banning tags based on their numbers, such a thing might have far-fetched, unwanted consequences. At any rate, the range here is too wide, the signature range is from HEADER_SIGBASE to HEADER_TAGBASE-1. I think I'd rather approach this from the angle that

Re: [Rpm-maint] [rpm-software-management/rpm] Reject signatures outside of signature header (#1503)

2021-01-17 Thread Demi Marie Obenour
@DemiMarie pushed 1 commit. 4acff44a2f438921445ecb93f7d85e781292f0a3 Reject signatures in immutable headers

Re: [Rpm-maint] [rpm-software-management/rpm] Reject signatures outside of signature header (#1503)

2021-01-15 Thread Demi Marie Obenour
This check will probably need to be moved to the package reading functions.

[Rpm-maint] [rpm-software-management/rpm] Reject signatures outside of signature header (#1503)

2021-01-15 Thread Demi Marie Obenour
Programs like DNF assume that RPM checks all signatures for validity, but signatures outside the signature header won’t be checked. Therefore, they must be rejected. You can view, comment on, or merge this pull request online at: https://github.com/rpm-software-management/rpm/pull/1503