SRPM lists for spins LiveISOs
Ralf Ertzinger
fedora at camperquake.de
Tue Mar 11 13:51:05 UTC 2008
Hi.
On Tue, 11 Mar 2008 08:33:49 -0500, Matt Domsch wrote:
> I started looking into this. rpm -V verifies the md5sums of the
> individual files. Running 'rpm -V' for each rpm on the ccLiveCD-2.0
> only turned up a dozen or so pacakges with any changes at all, all of
> them trivial configuration changes.
Ah, I overlooked that path.
> rpm -V does not, AFAICT, try recreating the original rpm, to compare
> the gpg signature. For our purposes, I think it would be fair to
> assume, that if the package is signed, by one of the Fedora keys, and
> if it's 'rpm -V' output was clean, that it is unchanged.
Yes, that would be true. rpm -V does not recreate the RPM, it does not
have to. It just needs a (digitally signed) list of files along with their
properties (size, mode, checksum).
More information about the fedora-devel-list
mailing list