[Yum-devel] Small checkSig patch
skvidal at phy.duke.edu
Tue Sep 28 18:32:26 UTC 2004
On Tue, 2004-09-28 at 20:30 +0200, Roberto Zunino wrote:
> seth vidal wrote:
> > Take a look at the rpm libs. There is no other answer.
> In the current version of the rpm libs there is no other answer, that's
> true. However, the hdrFromFdno() interface seems quite fragile: the
> returned strings seem to be for human-readable messages rather than for
> checking the result. I wouldn't be very surprised if they changed in the
> future. Since a slight change to them would make yum silently skip
> checking gpg signatures, I suggest the patch as a proactive security
Feel free to talk to the rpm devel folks about it.