Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rpm-sequoia accepts v3 signatures by default #26

Open
nwalfield opened this issue Nov 23, 2022 · 0 comments
Open

rpm-sequoia accepts v3 signatures by default #26

nwalfield opened this issue Nov 23, 2022 · 0 comments

Comments

@nwalfield
Copy link
Collaborator

By default sequoia-openpgp rejects v3 signatures. Unfortunately, much of the rpm ecosystem is still
generating v3 signatures
. Happily, v3 signatures aren't completely broken; they just have weaker security properties
than v4 signatures. Stop accepting v3 signatures once v4 signatures become the norm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant