RPM: signing uncompressed data instead of signed data?

Andre Robatino robatino at fedoraproject.org
Thu Nov 11 10:41:13 UTC 2010

I came across the following old post, which I'm not responding to in-thread due
to its age.


The question was raised why RPMs sign their compressed data, rather than
uncompressed. (One advantage would be to avoid deltarpm rebuild failures due to
changes in compression such as the recent one in xz.) The answer had to do with
the fact that higher-level tools (createrepo and yum) depend on the current
behavior, but that doesn't address whether it's just an early design mistake
that we're locked into now, or if there's actually some overall advantage to
doing things this way (that outweighs the obvious disadvantage of inflexibility
in how the data is compressed). Can anyone shed some light on this?
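
The trade-off raised in this message, as an added example that is not part of the original post: a digest taken over the compressed payload breaks when a rebuild recompresses with different compressor behaviour, while a digest over the uncompressed payload does not. Assumptions: a SHA-256 digest stands in for the signed digest, two xz presets stand in for two xz versions, and `PAYLOAD`, `build` and `rebuild_and_check` are hypothetical names.

```python
import hashlib
import lzma


def digest(data: bytes) -> str:
    """Stand-in for the value a package signature would cover."""
    return hashlib.sha256(data).hexdigest()


# Constructed sample standing in for an RPM's uncompressed payload.
PAYLOAD = b"".join(b"file-%04d: constructed sample content\n" % i
                   for i in range(2000))


def build(payload: bytes, preset: int) -> dict:
    """'Build' a package: compress the payload and record both digests."""
    compressed = lzma.compress(payload, format=lzma.FORMAT_XZ, preset=preset)
    return {
        "compressed": compressed,
        "digest_compressed": digest(compressed),
        "digest_uncompressed": digest(payload),
    }


def rebuild_and_check(original: dict, preset: int) -> dict:
    """deltarpm-style rebuild: recover the uncompressed payload, recompress
    it with the local compressor, then compare against the recorded digests."""
    payload = lzma.decompress(original["compressed"])
    recompressed = lzma.compress(payload, format=lzma.FORMAT_XZ, preset=preset)
    return {
        "compressed_ok": digest(recompressed) == original["digest_compressed"],
        "uncompressed_ok": digest(payload) == original["digest_uncompressed"],
    }


if __name__ == "__main__":
    pkg = build(PAYLOAD, preset=6)
    # Same compressor behaviour on the rebuilding host: both checks pass.
    print("same compressor:   ", rebuild_and_check(pkg, preset=6))
    # Changed compressor behaviour: only the uncompressed digest survives.
    print("changed compressor:", rebuild_and_check(pkg, preset=1))
```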

