On 08/11/2017 02:02 AM, Panu Matilainen wrote: > > The full story is in https://bugzilla.redhat.com/show_bug.cgi?id=1480407 > but to summarize, this is actually a bug in rpm 4.13.x which is not > ignoring unknown signature header tag like it should, older rpm versions > are not affected. Also the bug only affects signature checking with > rpmkeys -K, packages can still be installed and even signed without > problems. > > Rpm 4.13 needs to be updated in all active Fedora versions to correctly > cope with it but that's going to take time and is not something I want > to rush. So for the time being, I've disabled generation of the > troublesome SHA256 header-only digest in 4.14 to be able to move on with > it. We'll re-enable it once the updates to older versions have been > completed, but there's no urgency to that now. > > Apologies for the entirely unexpected hickup :-/ No problem, it happens. ;) Thanks for looking into this quickly and pushing a fix. kevin
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
