hook into rpm install/update/deletion of any package (for etckeeper)

Till Maas opensource at till.name
Mon May 19 20:12:00 UTC 2008


On Mon May 19 2008, Todd Zullinger wrote:
> Till Maas wrote:
> > Thank you, but this way I fear that I install unsigned rpms from a
> > repository because my locally built rpms are not signed (otherwise
> > they are broken, because rpms does not support the keylength of my
> > gpg key) and therefore afaik I had to disable the check for gpg
> > signatures.
>
> So no signature is preferable to creating a key of more standard size
> for use in signing your custom packages?

I can still provide gpg signatures with gpg:
gpg --armor --detach-sign foo.rpm
This also allows the recipient to check the signature without giving my key 
ultimate trust for any rpm, which is afaik what happens when someone imports 
a gpg key into rpm. Also do not distribute rpms via unsecure channels to my 
machines and having a third private gpg key for this without gaining much.

Regards,
Till
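
The detached-signature workflow described in the message above, as an added example that is not part of the original post: it signs a stand-in file with `gpg --armor --detach-sign`, verifies it from a separate GnuPG keyring, and shows that a modified file fails the check. The key identity, file contents and temporary directories are constructed for the demo, and GnuPG 2.1 or later is assumed.

```shell
#!/bin/sh
# Added example: detached-signature round trip in throwaway GnuPG homedirs.
# Key identity, file names and directories are constructed for this demo.
detached_sig_demo() (
    work=$(mktemp -d) || return 2
    signer="$work/signer"; verifier="$work/verifier"
    mkdir -m 700 "$signer" "$verifier" || return 2
    cleanup() {
        gpgconf --homedir "$signer" --kill all 2>/dev/null || true
        gpgconf --homedir "$verifier" --kill all 2>/dev/null || true
        rm -rf "$work"
    }

    # Builder side: throwaway key without passphrase, then the command
    # from the mail applied to a stand-in for foo.rpm.
    gpg --homedir "$signer" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key \
        'Local Builder <builder@example.invalid>' default default never \
        2>/dev/null || { cleanup; return 2; }
    printf 'stand-in for foo.rpm\n' > "$work/foo.rpm"
    gpg --homedir "$signer" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --armor --detach-sign "$work/foo.rpm" \
        2>/dev/null || { cleanup; return 2; }
    gpg --homedir "$signer" --batch --armor --export > "$work/builder.asc"

    # Recipient side: the public key goes into the recipient's own GnuPG
    # keyring only; rpm is never invoked, so its key store is untouched.
    gpg --homedir "$verifier" --batch --quiet --import "$work/builder.asc" \
        2>/dev/null || { cleanup; return 2; }

    # A good signature from an imported but uncertified key still exits 0;
    # gpg only warns that the key is not trusted.
    if gpg --homedir "$verifier" --batch --verify \
        "$work/foo.rpm.asc" "$work/foo.rpm" 2>/dev/null
    then good=ok; else good=failed; fi

    # Any change to the file after signing must make verification fail.
    printf 'x' >> "$work/foo.rpm"
    if gpg --homedir "$verifier" --batch --verify \
        "$work/foo.rpm.asc" "$work/foo.rpm" 2>/dev/null
    then tampered=accepted; else tampered=rejected; fi

    cleanup
    echo "good=$good tampered=$tampered"
)

detached_sig_demo
```

The script checks gpg's exit status rather than parsing its output, which is the part a wrapper script around package installation would rely on.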