marmarek left a comment (rpm-software-management/rpm#2678)
The current approach looks okay, but I'll voice my concern in case it would be
changed in a later iteration: avoid automatic key generation, and even more
avoid automatically importing that key as trusted by rpm. This could easily
result in the private key (already trusted by rpm there) leaking if somebody is
not aware of all the details - for example by pushing a container to some
registry where an rpm was built as part of the container build process.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2678#issuecomment-2665539153