RPM: signing uncompressed data instead of signed data?

Bruno Wolff III bruno at wolff.to
Thu Nov 11 14:02:34 UTC 2010

On Thu, Nov 11, 2010 at 10:41:13 +0000,
  Andre Robatino <robatino at fedoraproject.org> wrote:
> The question was raised why RPMs sign their compressed data, rather than
> uncompressed. (One advantage would be to avoid deltarpm rebuild failures due to
> changes in compression such as the recent one in xz.) The answer had to do with
> the fact that higher-level tools (createrepo and yum) depend on the current
> behavior, but that doesn't address whether it's just an early design mistake
> that we're locked into now, or if there's actually some overall advantage to
> doing things this way (that outweighs the obvious disadvantage of inflexibility
> in how the data is compressed). Can anyone shed some light on this?

Uncompressing hostile data is generally not a good thing to be doing. From
that aspect it makes more sense to sign the compressed payload.

More information about the devel mailing list