[Yum-devel] Small checkSig patch

seth vidal skvidal at phy.duke.edu
Tue Sep 28 18:32:26 UTC 2004


On Tue, 2004-09-28 at 20:30 +0200, Roberto Zunino wrote:
> seth vidal wrote:
> > Take a look at the rpm libs. There is no other answer.
> 
> In the current version of the rpm libs there is no other answer, that's 
> true. However, the hdrFromFdno() interface seems quite fragile: the 
> returned strings seem to be for human-readable messages rather than for 
> checking the result. I wouldn't be very surprised if they changed in the 
> future. Since a slight change to them would make yum silently skip 
> checking gpg signatures, I suggest the patch as a proactive security 
> measure.
> 

Feel free to talk to the rpm devel folks about it.


-sv
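
The fragility raised in the quoted message, as an added example that is not part of the original thread and not the patch under discussion: a check that accepts unless a known error string appears fails open when the library rewords its messages, while a check that accepts only the exact known-good result fails closed. The message strings and function names are constructed for illustration and are not rpm's real hdrFromFdno() output.

```python
# Constructed stand-ins for human-readable results from a signature check.
# These are NOT rpm's real strings; they only model "wording changed upstream".
CURRENT = {
    "good": "signature OK",
    "nokey": "public key not available",
    "bad": "signature BAD",
}
REWORDED = {
    "good": "Signature is OK",
    "nokey": "Public key is not available",
    "bad": "Signature is BAD",
}

KNOWN_ERRORS = ("public key not available", "signature BAD")
KNOWN_GOOD = "signature OK"


def check_fail_open(message):
    """Denylist: accept the package unless a known error string appears."""
    return not any(err in message for err in KNOWN_ERRORS)


def check_fail_closed(message):
    """Allowlist: accept the package only on the exact known-good result."""
    return message == KNOWN_GOOD


def audit(messages):
    """Map each outcome to (fail_open_accepts, fail_closed_accepts)."""
    return {
        outcome: (check_fail_open(text), check_fail_closed(text))
        for outcome, text in messages.items()
    }


if __name__ == "__main__":
    for label, messages in (("current", CURRENT), ("reworded", REWORDED)):
        for outcome, verdicts in audit(messages).items():
            print(label, outcome, "open=%s closed=%s" % verdicts)
```

With the reworded strings the denylist accepts the unsigned and badly signed packages without any error, while the allowlist rejects everything, including the good package, so the breakage is visible instead of silent.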