There is another issue that is not covered by revocation at all. A software
package is obsolete as soon as a new version of the package is signed,
especially if there is a known vulnerability in the old version. However, the
signature of the vulnerable version obviously stays valid. If the secur
Agreed with jsumners
> As a user, those details don't matter to me
Confirmed with pmatilai:
> minimally supported
> wont handle this case
Even the --macros is not passed properly to rpmsign, when called from rpmbuild
...
At least, documentation is updated, somewhere, to provide info on that top
Would it be possible to query those tags, via RPM query itself ?
Thinking of something like
rpm -qp --qf '%{applicationspecifictag}\n' ./application.rpm
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/r