Demi Marie Obenour
I see. In that case multi-stage signing would not work, but RPM headers are non-malleable once the constraints I mentioned above are enforced, so one can sign “every header but...
> Also what I'm talking about here would be a second signature alongside each "normal" signature we add. It needs to be separate because we need to be able to...
Concrete proposal:
- New-style signatures are _required_ in v6 packages.
- New-style signatures always cover both headers, including the entire main header and all of the signature header except for...
For one, the Linux kernel parser for IMA or fsverity signatures could have a security vulnerability, as could RPM’s own handling of such signatures.
@kenballus Want to collaborate? I was doing the same thing, but mostly with HTTP/2 and HTTP/3!
At least it isn’t as bad as libsoup, which allows CR and LF in [request methods][1] and [URIs][2]!

[1]: https://gitlab.gnome.org/GNOME/libsoup/-/issues/441
[2]: https://gitlab.gnome.org/GNOME/libsoup/-/issues/380
Sure! Which email should I use @kenballus?
> > needs to tell clients that a window has been maximized so that they know to use the window size they have been told
> >
> > How is maximized...
> Adding more swap to a VM that runs Firefox also avoids "have to wait 30+ seconds" in most cases. This helps for Firefox specifically, because a lot of memory...
@xyzzyz Which X.509 features do you need? I might be able to provide a very simple, purpose-built solution for your use-case. I have already written my own X.509 certificate parser...