2267819 – Improve gpgverify to handle clearsigned files.

Bug 2267819 - Improve gpgverify to handle clearsigned files.

Summary: Improve gpgverify to handle clearsigned files.

Keywords:
Status:	CLOSED DUPLICATE of bug 2361705
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	redhat-rpm-config
Sub Component:
Version:	42
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Packaging Maintenance Team
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2267820
TreeView+	depends on / blocked

Reported:	2024-03-04 21:11 UTC by Björn Persson
Modified:	2025-09-18 17:25 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2025-09-18 17:25:10 UTC
Type:	Enhancement
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Fedora Package Sources	redhat-rpm-config pull-request 261	0	None	None	None	2024-03-04 21:11:10 UTC

Description Björn Persson 2024-03-04 21:11:11 UTC

gpgverify needs to be improved to handle clearsigned files so that vulnerabilities like the one in git-lfs.spec can be prevented. The merge request is here:

https://src.fedoraproject.org/rpms/redhat-rpm-config/pull-request/261

Comment 1 Aoife Moloney 2025-02-26 12:59:22 UTC

This bug appears to have been reported against 'rawhide' during the Fedora Linux 42 development cycle.
Changing version to 42.

Comment 2 Björn Persson 2025-09-18 17:25:10 UTC

I seem to have forgotten about this Bugzilla entry while the issue was being neglected. GPGverify was eventually moved to its own package.

*** This bug has been marked as a duplicate of bug 2361705 ***

Note You need to log in before you can comment on or make changes to this bug.