https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #3 from Frank Ch. Eigler <fche at redhat dot com> --- > How would this be used together with debuginfod? > Where/how would the user get the signatures >From debuginfod, possibly via additional response headers, when extracting files from IMA-signed archives. > and how would the client library check those signatures? If it has the file and the signature (and the appropriate public key!) available, the debuginfod client can perform this integrity check at download time. -- You are receiving this mail because: You are on the CC list for the bug.
