Should Fedora rpms be signed? Yes...resign and rsync...

[Alexandre Oliva]

On Oct 30, 2004, "Rodolfo J. Paiz" <rpaiz at simpaticus.com> wrote:

> I'm going to assume that you mean "1GB" (as in gigabyte) since I have no
> idea what a "Go" is.

Giga-octet.  You know, bytes don't have to have 8 bits.  French is
more precise than English, at least in this regard.

> That being said, one of the beauties of rsync is
> that it will *not* need to reread the entire file

Not quite.  Both ends will have to reread the entire file, possibly
even twice.  They won't have to *transfer* the entire file, but for a
mirror, disk bandwidth may also be a critical resource.  Still, it
would be no different from the current situation, in which a package
is first published unsigned, and some time next day (or a few days
later :-) a signature is stapled to it.

-- 
Alexandre Oliva             http://www.ic.unicamp.br/~oliva/
Red Hat Compiler Engineer   aoliva@{redhat.com, gcc.gnu.org}
Free Software Evangelist  oliva@{lsd.ic.unicamp.br, gnu.org}