yum-presto not on by default
kevin.kofler at chello.at
Sat Sep 26 07:53:38 UTC 2009
> As for the GPG signature ... can't the drpm itself be signed?
If the metadata is getting signed, it basically is already. The metadata
contains a checksum of the DRPM, so if the metadata passes the signature
check and the DRPM matches the checksum, the DRPM's integrity and
uncompromisedness is verified. So I think it's safe to disable the checksum
check for the rebuilt RPMs entirely.
More information about the devel