RPM roadmapping
Manuel Wolfshant
wolfy at nobugconsulting.ro
Sat Jul 28 01:45:26 UTC 2007
On 07/27/2007 11:27 PM, Jeff Spaleta wrote:
> On 7/27/07, Leszek Matok <Lam at lam.pl> wrote:
>
>> - Tell if a given package was installed by hand (rpm -i/U/F) or (if installed
>> by yum/apt/whatever) which repository did it come from. Some people suggested
>> to use "Signature:" for that, but that only tells, which repo this pakage was
>> first published on, and I want to know, where did I get it from in reality.
>>
>
> Like the actual url it was pulled from, regardless of which mirror in
> a dynamicly generated mirrorlist you used in that run? A
> repository-wide signature/cert referenced in signed repository
> metadata from the repository might be better in some ways than the
> full url to a specific mirror.
+1 for repository signature. Although the vendor tag is close enough
that maybe this (coupled with the GPG key) could be used instead.
More information about the fedora-devel-list
mailing list