[Yum-devel] Small checkSig patch

Roberto Zunino zunino at di.unipi.it
Tue Sep 28 18:30:36 UTC 2004


seth vidal wrote:
> Take a look at the rpm libs. There is no other answer.

In the current version of the rpm libs there is no other answer, that's 
true. However, the hdrFromFdno() interface seems quite fragile: the 
returned strings seem to be for human-readable messages rather than for 
checking the result. I wouldn't be very surprised if they changed in the 
future. Since a slight change to them would make yum silently skip 
checking gpg signatures, I suggest the patch as a proactive security 
measure.

> but I've no opposition to the patch.

I would be glad if you applied it but, of course, the final word is 
yours :-)

In any case, thanks for your time,
Zun.
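
The failure mode described in this message, as an added example that is not part of the original post and is not yum or rpm code: a checker that compares error text fails open when the wording changes, while one that treats every error as a failure does not. The library, its two releases, the message strings and all function names are hypothetical and constructed for illustration.

```python
class VerifyError(Exception):
    """Hypothetical error raised by a signature-checking library."""

# Constructed message tables for two releases of that hypothetical library.
# Release 2 only rewords the text; the underlying failures are identical.
MESSAGES = {
    1: {"nokey": "public key not available", "bad": "signature does not verify"},
    2: {"nokey": "public key is not available", "bad": "signature did not verify"},
}

def verify(package_state, release):
    """Stand-in for the library call: returns on success, raises on failure."""
    if package_state != "good":
        raise VerifyError(MESSAGES[release][package_state])

OK, NOKEY, BAD, UNKNOWN = "ok", "nokey", "bad", "unknown"

# The caller was written against release 1 and knows only its wording.
KNOWN = {"public key not available": NOKEY, "signature does not verify": BAD}

def check_fragile(package_state, release):
    """Matches on message text; an unmatched message leaves the result at OK."""
    result = OK
    try:
        verify(package_state, release)
    except VerifyError as e:
        for text, code in KNOWN.items():
            if str(e) == text:
                result = code
    return result

def check_fail_closed(package_state, release):
    """Any exception is a failure; the text only refines which kind."""
    try:
        verify(package_state, release)
    except VerifyError as e:
        return KNOWN.get(str(e), UNKNOWN)
    return OK

def accepted(check, release):
    """Package states the given checker would let through as verified."""
    return [s for s in ("good", "nokey", "bad") if check(s, release) == OK]

if __name__ == "__main__":
    for release in (1, 2):
        print(release, accepted(check_fragile, release),
              accepted(check_fail_closed, release))
```
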

