[Bug debuginfod/28204] extend webapi / verification with forthcoming signed-contents archives
fche at redhat dot com
sourceware-bugzilla@sourceware.org
Wed Sep 8 11:26:28 GMT 2021
https://sourceware.org/bugzilla/show_bug.cgi?id=28204
--- Comment #3 from Frank Ch. Eigler <fche at redhat dot com> ---
> How would this be used together with debuginfod?
> Where/how would the user get the signatures
>From debuginfod, possibly via additional response headers,
when extracting files from IMA-signed archives.
> and how would the client library check those signatures?
If it has the file and the signature (and the appropriate
public key!) available, the debuginfod client can perform
this integrity check at download time.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the Elfutils-devel
mailing list