MeeGo need a stronger gpg check mechanism which base on rpm package

Bug #635492 reported by Jeff Johnson
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Fix Released

Bug Description


Tags: meego crypto
Revision history for this message
Jeff Johnson (n3npq) wrote :
tags: added: meego
Revision history for this message
Jeff Johnson (n3npq) wrote :

rpmlib can be enabled to verify every package signature whenever read.
This is typically disabled by metainstallers like zypp/yum/smart.

But all depends on what your threat model is ... there's usually
no reason why every package signature needs to be continually
verified; once is often sufficient.

tags: added: crypto
Changed in rpm:
status: New → Triaged
importance: Undecided → Low
Changed in meegolinux:
status: Unknown → In Progress
Changed in meegolinux:
importance: Unknown → Medium
Changed in meegolinux:
status: In Progress → Fix Released
Changed in meegolinux:
status: Fix Released → Unknown
Changed in meegolinux:
status: Unknown → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.