https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #21 from Ryan Goldberg <rgoldber at redhat dot com> ---
(In reply to Mark Wielaard from comment #20)
> But isn't the idea of checking the IMA signatures that you don't have to
> trust the server providing the debuginfo files as the distro intended them?

But this will allow for the case of a trusted server which only has some of its RPMs per-file signed. Take for instance a server which has the RPMs for f36, 37, 38. The f36 files don't have signatures, so using enforcing here is too strict, since we are OK just letting a client know that these ones are unverifiable, but we still want to be able to reject any of the invalid ones for f38.

> So both are bad in some way. Which imho means that if we support some kind
> of permissive mode, then it should explicitly warn for both kinds of badness.

In the permissive mode you'll get:
* "the signature is valid" for valid sigs
* "ALERT: this download is being rejected since the IMA signature could not be verified" for invalid sigs
* "the signature could not be verified" otherwise

So we do warn for both kinds of bad, we just don't reject the 'unknown' bad.