RFE: Add opt-in metadata signature verification.
Bug #656501 reported by
Jeff Johnson
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| RPM |
Fix Released
|
Medium
|
Jeff Johnson | ||
Bug Description
RPM 5.3 has dropped signature verification on headers retrieved
from an rpmdb because
1) there's no known benefit or increase in security
2) there's a performance penalty which -- while not large -- doesn't meet
luser expectations.
Verifying the signature on the header metadata blob needs to be resurrected as
"opt-in" functionality with --verify, and (for extra credit) performed on a separate thread.
| Changed in rpm: | |
| assignee: | nobody → Jeff Johnson (n3npq) |
| status: | New → Confirmed |
| importance: | Undecided → Medium |
| tags: | added: rpmdb sign verify |
| summary: |
- RFE: Add opt-in metadata sugnature verification. + RFE: Add opt-in metadata signature verification. |
Revision history for this message
| Jeff Johnson (n3npq) wrote | #1 |
| Changed in rpm: | |
| status: | Confirmed → Fix Released |
| milestone: | none → 5.3.12 |
To post a comment you must log in.
Verifying header signatures was add to --verify a while ago.
The operation is also multi-threaded using -fopenmp as well.