craigwblake / redline

Pure Java Rpm Library
http://redline-rpm.org
MIT License

Issue #112 using a DSA key results in an RPM package with an unverifi… #113

Open bschelberg opened 8 years ago

bschelberg commented 8 years ago

Using a DSA key results in an RPM package with an unverifiable signature

It seems like DSA has been deprecated by some projects, and we're strongly encouraged to move to RSA. However, Redline RPM currently accepts DSA keys for signing, but signs the package incorrectly, resulting in errors from RPM that are difficult to diagnose.

kkolinko commented 7 years ago

I do not like this.

  1. It breaks the feature implemented by #77. In the scenario of #77 your getAlgorithm() call will return null and you will fail with an IAE. The expected behaviour is to fall through and set this.enabled=false.

  2. It does not solve the issue of the wrong signature by generating a correct one. It just disallows generating any signature other than RSA.
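The distinction raised in the first point, as an added illustration that is not Redline's own code: a hypothetical `SigningKeyPolicy` class (name and constructor assumed) built on BouncyCastle's `PGPPrivateKey` and `PublicKeyAlgorithmTags`. A missing key falls through to `enabled=false` rather than throwing (the #77 scenario), while a key whose algorithm Redline does not produce a verifiable RPM signature for is rejected up front with a message naming the algorithm, so the failure is diagnosable before any package is written.

```java
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.openpgp.PGPPrivateKey;

// Hypothetical key-acceptance check (not part of Redline). It separates
// "no key configured" from "key of an unsupported algorithm" instead of
// treating both as an error.
public final class SigningKeyPolicy {

    private final PGPPrivateKey privateKey;   // null when signing is disabled
    private final boolean enabled;

    public SigningKeyPolicy(PGPPrivateKey privateKey) {
        if (privateKey == null) {
            // No key at all: produce an unsigned package, do not fail.
            this.privateKey = null;
            this.enabled = false;
            return;
        }
        // PGPPrivateKey carries the matching public key packet, whose
        // algorithm id tells us whether this is RSA, DSA, ECDSA, ...
        int algorithm = privateKey.getPublicKeyPacket().getAlgorithm();
        if (!isSupported(algorithm)) {
            // Fail fast with a readable reason rather than emitting a
            // package that rpm will later reject with an opaque error.
            throw new IllegalArgumentException(
                "unsupported signing key algorithm " + describe(algorithm)
                + "; only RSA keys are accepted for RPM signing here");
        }
        this.privateKey = privateKey;
        this.enabled = true;
    }

    /** RSA (general-purpose or sign-only) is the only algorithm accepted. */
    static boolean isSupported(int algorithm) {
        return algorithm == PublicKeyAlgorithmTags.RSA_GENERAL
            || algorithm == PublicKeyAlgorithmTags.RSA_SIGN;
    }

    /** Human-readable name for the OpenPGP public-key algorithm id. */
    static String describe(int algorithm) {
        switch (algorithm) {
            case PublicKeyAlgorithmTags.RSA_GENERAL:
            case PublicKeyAlgorithmTags.RSA_SIGN:
            case PublicKeyAlgorithmTags.RSA_ENCRYPT:
                return "RSA (id " + algorithm + ")";
            case PublicKeyAlgorithmTags.DSA:
                return "DSA (id " + algorithm + ")";
            case PublicKeyAlgorithmTags.ECDSA:
                return "ECDSA (id " + algorithm + ")";
            default:
                return "algorithm id " + algorithm;
        }
    }

    public boolean isEnabled() {
        return enabled;
    }

    public PGPPrivateKey privateKey() {
        return privateKey;
    }
}
```

The check is deliberately placed in the constructor so that a caller configuring a DSA key learns about it at build-configuration time, with the algorithm named, instead of from an `rpm --checksig` failure on the finished package; the null branch is what keeps the optional-signing behaviour from #77 intact.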