@jrohel: Why does librepo need to parse signature files? Can you point me to
the code that relies on this behavior, please.
@mlschroe: I agree. rpm-sequoia probably should reject these signatures.
--
Reply to this email directly or view it on GitHub:
I dunno about that "fine" and "incomplete". You're asking to *remove* an extra
check in the internal pgp parser.
So maybe the sequoia code is incomplete.
Basically the API is missing a type argument to tell the parser if it should
test for a certain armor.
--
Reply to this email directly or
@mlschroe
In this case, sequoia is fine. But the internal implementation is incomplete.
But in my opinion, there was no pressure to complete the support. We used GpgMe
instead of this API.
Details:
The `pgpReadPkts` function returns the `pgpArmor` enum, which since its
creation in 2001,
I'd argue that either rpm-sequoia or the internal implementation should be
fixed. I'm not sure which is correct.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2512#issuecomment-1554228061
You are receiving this because you are