> There are two entirely separate cases here:
>
> * no key, which can only return FAIL/NOKEY
>
> * one or more matches, which can only return FAIL/OK
> You'll want those in a top-level if-else so there's no doubt
> whatsoever: only one of them can execute, and keyptr can only be set by the
> latter. Which means "key" can and should move to a more local scope in the
> second. And for the no key case, it'd be a good idea to add an actual assert
> to make it 200% clear: it can never ever return OK.
This is wrong IMHO. There may be keys that get dropped in the loop because we
can figure out they do not match. If we can get the fingerprint of some
signatures at some point we might be able to filter out non-matching keys even
more. In these cases we still need to run the NOKEY part if all keys got
dropped.
Also even in the NOKEY part we want to write NULL to the keyptr so callers can
rely on their key variable getting updated.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/3398#issuecomment-2434571186
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/pull/3398/c2434571...@github.com>
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
