RPM: signing uncompressed data instead of signed data?
Michel Alexandre Salim
salimma at fedoraproject.org
Sun Nov 14 13:37:55 UTC 2010
On Thu, 11 Nov 2010 10:17:57 -0500, Andre Robatino wrote:
> James Antill wrote:
>
>> IMO, as has been said before, if you have a delta method that doesn't
>> produce the exact same bits at the end ... you've probably failed. It
>> might seem like a good idea, but even if you go to the extreme lengths
>> needed to make it just for yum ... things like reposync won't be able
>> to use it, Eg.
>>
>> http://james.fedorapeople.org/python/delta-rpm-dir.py
>
> I realize there's a lot of stuff sitting on top of RPM that depends on
> how it works currently, but in terms of correctness, it still seems to
> me to make more sense to sign the uncompressed data, since that's what
> actually gets used, and it would avoid issues like
> https://fedorahosted.org/rel-eng/ticket/4224 which will have to be dealt
> with periodically as long as compression continues to improve.
This is what 0install uses:
http://0install.net/faq.html
--
Michel Alexandre Salim
Fedora Project Contributor: http://fedoraproject.org/
Email: salimma at fedoraproject.org | GPG key ID: 78884778
Jabber: hircus at jabber.ccc.de | IRC: hircus at irc.freenode.net
() ascii ribbon campaign - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments
More information about the devel
mailing list