RPM: signing uncompressed data instead of signed data?
jreiser at bitwagon.com
Thu Nov 11 15:50:13 UTC 2010
On 11/11/2010 07:17 AM, Andre Robatino wrote:
> in an alternate universe where RPM was originally
> designed to sign the uncompressed data, and the higher-level tools were
> subsequently designed to work with that, is there any fundamental reason
> why things would be worse (or better) than they are now?
The bytes that are signed would be "farther away" from the contents
of the .rpm file. The compression would occur in between the signing
and packing the file, so the signing would be less "end-to-end" with
respect to packing the contents into the file. This changes the
data integrity implications of signature that does not match.
Some uses want more protection against "mere transmission errors" of the file,
other uses want more independence of the various steps in a larger process
(ability to change compression without changing signature, for example.)
More information about the devel