Revert "Don't confuse OpenScanHub with false array overrun"

Yikes. This was a rushed "fix" that caused a regression in --verify
mode with the following error message:

    Header RSA signature: BAD (header tag 268: invalid OpenPGP signature)

This was immediately caught by the CI (thank god we have it!).

Since this patch was downstream-only (no internal OpenPGP parser in rpm
upstream anymore), it didn't go through the usual peer review. I should
have asked for it in GitLab still, no matter how innocent and tiny the
change appears to be (lesson learned).

Anyway, it's probably going to be safer to just mark this finding as a
false positive (which it really is), as opposed to touching the code.
Let's revisit later, for now, just revert.

This reverts commit ae9528bbef8b05883ae08ad345e4f945c04ad0ff.

Related: RHEL-22607