Time to resurrect multi-key signatures in RPM?

Bojan Smojver bojan at rexursive.com
Tue Aug 26 03:57:04 UTC 2008

Bojan Smojver <bojan <at> rexursive.com> writes:

> Are these things exceptions to the rule or do majority of package have this
> kind of thing built in?

Actually, it should be quite easy to verify this. If someone from Red Hat could
run 'ls *.rpm | sort | while read pkg; do echo -en "$pkg\t"; rpm2cpio < $pkg |
sha1sum; done' for all Fedora packages built in koji of a distro/arch (say
F9/i386) and if Matt could do the same on his Dell build farm, we'll clearly see
what gives different checksums of cpio archives.


More information about the devel mailing list