On Wed, 09 Jul 2014 16:16:04 +0100, David Howells said: > Verify certificate chain in the X.509 certificates contained within the PKCS#7 > message as far as possible. If any signature that we should be able to verify > fails, we reject the whole lot. What happens if we see a signature that we shouldn't be able to verify? Or should that changelog entry be reduced to "If any signature fails", period? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 848 bytes Desc: not available URL: <http://lists.infradead.org/pipermail/kexec/attachments/20140710/132c320e/attachment.sig>
