[Yum-devel] Small checkSig patch
zunino at di.unipi.it
Tue Sep 28 18:30:36 UTC 2004
seth vidal wrote:
> Take a look at the rpm libs. There is no other answer.
In the current version of the rpm libs there is no other answer, that's
true. However, the hdrFromFdno() interface seems quite fragile: the
returned strings seem to be for human-readable messages rather than for
checking the result. I wouldn't be very surprised if they changed in the
future. Since a slight change to them would make yum silently skip
checking gpg signatures, I suggest the patch as a proactive security
> but I've no opposition to the patch.
I would be glad if you applied it but, of course, the final word is
In any case, thanks for your time,
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 252 bytes
Desc: OpenPGP digital signature
Url : http://lists.baseurl.org/pipermail/yum-devel/attachments/20040928/16c1eac1/attachment.pgp
More information about the Yum-devel