RPM roadmapping
Toshio Kuratomi
a.badger at gmail.com
Tue Aug 7 15:34:28 UTC 2007
On Tue, 2007-08-07 at 10:33 -0400, Matthias Clasen wrote:
> On Tue, 2007-08-07 at 10:26 -0400, Jeremy Katz wrote:
> > On Tue, 2007-08-07 at 10:08 -0400, Matthias Clasen wrote:
> > > On Tue, 2007-08-07 at 17:02 +0300, Jonathan Dieter wrote:
> > > > Just a heads up that deltarpm only works if the *whole* rpm is
> > > > installed. If any files are missing from the old rpm (i.e. anaconda's
> > > > excluded them because they're not the user's language), deltarpm will be
> > > > unable to rebuild the new rpm from the drpm, and yum will have to
> > > > download the full new rpm.
> > >
> > > Technically, yes.
> > > But if you have excluded language X from your installation, what are the
> > > chance that you are interested in the delta for language X ? rpm will
> > > still have enough information to construct the correct contents except
> > > for the part that the user explicitly chose not to install...
> >
> > Except that now you don't have the full RPM so you have no way to verify
> > that the package hasn't been tampered with
>
> Yeah, problems. But I'm sure we have the engineers to solve them...
>
One way this could be done is to only gpg sign the rpm metadata. Where
metadata includes md5/sha sums of the files and the
ownership/permissions of the files.
Then rpm could have a switch to allow certain file types to be missing
from the archive (%lang, %doc).
-Toshio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20070807/01976cec/attachment.sig>
More information about the fedora-devel-list
mailing list