OK, the hdrchk mechanism has been simplified/generalized
so that headers are signature checked on all import pathways,
and on database export pathways, all per-mode configurable.
Wiring the policy of what ignore/warn/error/require action
to take with OK/UNTRUSTED/NOKEY/BAD events is gonna take
a bit more time to implement, particularly since rpm has
not a clue ATM about UNTRUSTED.
The other major problem is drilling the policy up through
applications (very few ATM) that use rpm-4.1. That's gonna
take some time and patience and porting as well.
OK, the hdrchk mechanism has been simplified/ generalized
so that headers are signature checked on all import pathways,
and on database export pathways, all per-mode configurable.
Wiring the policy of what ignore/ warn/error/ require action NOKEY/BAD events is gonna take
to take with OK/UNTRUSTED/
a bit more time to implement, particularly since rpm has
not a clue ATM about UNTRUSTED.
The other major problem is drilling the policy up through
applications (very few ATM) that use rpm-4.1. That's gonna
take some time and patience and porting as well.
Deferred until rpm-4.2.