]> git.saurik.com Git - apt.git/commit - methods/gpgv.cc
projects / apt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 56b4c93) | patch
methods/gpgv: Correctly handle weak signatures with multiple keys
authorJulian Andres Klode <jak@debian.org>
Tue, 15 Mar 2016 09:56:05 +0000 (10:56 +0100)
committerJulian Andres Klode <jak@debian.org>
Tue, 15 Mar 2016 11:33:21 +0000 (12:33 +0100)
commit08fd77e83528fd03795524adf76e359ae2b56e06
treeda69c1dc532c243b176eb3c225ad3ac074292fe5tree | snapshot
parent56b4c93f60ebdb828bb8d0b9ea2db448560208f5commit | diff
methods/gpgv: Correctly handle weak signatures with multiple keys

We added weak signatures to BadSigners, meaning that a Release file
signed by both a weak signature and a strong signature would be
rejected; preventing people from migrating from DSA to RSA keys
in a sane way.

Instead of using BadSigners, treat weak signatures like expired
keys: They are no good signatures, and they are worthless.

Gbp-Dch: ignore
methods/gpgv.cc diff | blob | blame | history
APT (for Cydia)