Remove support for V3 public keys
- V3 keys have been long since deprecated and extinct for all practical
purposes for more than a decade by now (for example, Red Hat Linux 6.0
from 1999 was the last RHL to use a V3 key for signing). RFC-4880
says V3 keys MUST NOT be generated (they have a number of weaknesses),
but implementations MAY accept them. We choose not to accept them
anymore, eliminating a code path that would essentially only get
triggered by malformed packages. The said code path also contained
a few buffer overflows and other bugs, so its more than just
"good riddance."
- Worth nothing is that only support for V3 *keys* is removed, V3
signatures are still supported along with V4 ones.
projects / platform / upstream / rpm.git / commit