Loop over the candidates during signature verification and use the one verifying it - iff any. Otherwise use last key with matching key ID (basically a random one). You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/3398 -- Commit Summary -- * rpmKeyring: Support keys with the same key ID -- File Changes -- M rpmio/rpmkeyring.cc (69) A tests/data/keys/keyidcollision1.asc (8) A tests/data/keys/keyidcollision1.pub (8) A tests/data/keys/keyidcollision2.asc (8) A tests/data/keys/keyidcollision2.pub (8) M tests/rpmsigdig.at (68) -- Patch Links -- https://github.com/rpm-software-management/rpm/pull/3398.patch https://github.com/rpm-software-management/rpm/pull/3398.diff -- Reply to this email directly or view it on GitHub: https://github.com/rpm-software-management/rpm/pull/3398 You are receiving this because you are subscribed to this thread. Message ID: <rpm-software-management/rpm/pull/3...@github.com>
_______________________________________________ Rpm-maint mailing list Rpm-maint@lists.rpm.org http://lists.rpm.org/mailman/listinfo/rpm-maint
