No more deltarpms by default

Reindl Harald h.reindl at
Fri Oct 17 09:17:47 UTC 2014

Am 17.10.2014 um 10:55 schrieb Roberto Ragusa:
> On 10/06/2014 07:25 PM, Reindl Harald wrote:
>> the last discussions suggested that the result needs to be *identical* to the full RPM downloaded for not break signatures
> Bizarre design; the signature should protect the content (uncompressed), not
> the transport method (compressed)

no - it is a smart design besides the topic

the whole RPM package is signed and so you can verify the integrity 
without unpack it first - the history showed security flaws more than 
once just uncompress untrusted archives

and it is a smart design in general:
RPM don't need to know anything about deltarpms the way it is 
implemented just because RPM has not to deal with that and only faces 
the rebuilt package

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the devel mailing list