On Tue, 2008-08-26 at 05:22 +0000, Bojan Smojver wrote:
Seth Vidal <skvidal <at> fedoraproject.org> writes:
> why do you want that?
>
> rpm -qp --dump pkg.rpm
Because I didn't read rpm manual page? ;-)
Yeah, that's really useful - thanks for that hint. Makes it really simple for
people to compare content of packages.
You reckon this multi-key signing thing could be done in any practical fashion
in Fedora?
I think it will complicate things a lot for users to verify and it's not
obvious how much we'll gain in terms of security.
-sv