https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #25 from Mark Wielaard ---
So I am looking at users/rgoldber/try-bz28204d but it isn't clear whether you want to
merge that in separate commits or squashed together. I am comparing to
users/rgoldber/try-bz28204c which I believe is the prev
https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #24 from Mark Wielaard ---
BTW. How does this interact with the "section" queries?
If the server doesn't support "section" then the debuginfod-client fallback to
fetching "debuginfo" or "executable" should do the signature checkin
https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #23 from Ryan Goldberg ---
(In reply to Mark Wielaard from comment #22)
> This still feels odd. Since you cannot distinguish between non-sig f36
> package (okish?) and non-sig f38 packages (bad?). I think you have to either
> trust
https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #22 from Mark Wielaard ---
(In reply to Ryan Goldberg from comment #21)
> (In reply to Mark Wielaard from comment #20)
> > But isn't the idea of checking the IMA signatures that you don't have to
> > trust the server providing the
Hi John, Hi Heather,
On Mon, 2023-08-21 at 17:08 -0500, John Mellor-Crummey via Elfutils-devel wrote:
> Any thoughts about the patch from my student, Heather McIntyre?
Apologies for not responding sooner. The patch was posted when I was on
vacation and I still haven't fully caught up with all wo