https://bugzilla.redhat.com/show_bug.cgi?id=1834731 --- Comment #133 from Björn Persson <bjorn@xxxxxxxxxxxxxxxxxxxx> --- Created attachment 1843870 --> https://bugzilla.redhat.com/attachment.cgi?id=1843870&action=edit patch to filter out revoked and expired keys (In reply to Björn Persson from comment #131) > (In reply to Simone Caronni from comment #130) > > If you think this does not answer your concern please provide a patch/diff > > to the script so I can understand what you mean. Thanks. > > I don't have tested code ready right now but I think you can use gpg2 > instead of gpgv2 – only in bitcoin-gpg.sh, not in the spec – and (using > --status-fd) grep for "^\[GNUPG:\] GOODSIG " only, excluding REVKEYSIG, > EXPKEYSIG, BADSIG et cetera. That pattern matches only at the beginning of a > line to ensure that it matches a keyword and not some other part of the > output. The pattern includes a trailing space to ensure that it matches a > whole keyword, not just a prefix. I took the time to write a patch. Here's how to avoid trusting a key whose owner says not to trust it. -- You are receiving this mail because: You are always notified about changes to this product and component You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1834731 _______________________________________________ package-review mailing list -- package-review@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-review-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-review@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
