RPM

Comment 22 for bug 910708

Revision history for this message
Jeff Johnson (n3npq) wrote :

The patch is not integrated because the bias in the existing test
cases that did not detect this flaw needs to be addressed.

The patch isn't forgotten and will be integrated as part of MANDATORY
signature checking. Meanwhile there has been little interest
in forward progress since February.

In fact "LSB package format" adoption and revisiting header+payload
signatures re-re-re-adding header+payload signatures hasn't started,
and so I haven't added this patch.