Metadata signing for rawhide
Dennis Gilmore
dennis at ausil.us
Thu Aug 6 15:30:28 UTC 2015
On Thursday, August 06, 2015 08:29:50 AM Rex Dieter wrote:
> Nico Kadel-Garcia wrote:
> > What makes you think a site that is poisoning or abusing the metadata
> > would not simply run "createrepo" and generate entirely new metadat
>
> But then it wouldn't match the metalink timestamps or checksums, that Dennis
> mentioned either. Or am I missing something?
Exactly. it would only bite a user that had switched from the metalink urls
shipped by default to something else.
Dennis
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20150806/80ef4c8e/attachment.sig>
More information about the devel
mailing list