[Pulp-list] checksumming downloads
ben.stanley at exemail.com.au
ben.stanley at exemail.com.au
Thu Apr 30 07:57:58 UTC 2015
> since all of this information is available
> on feed sync: would it not be worth checksumming the download and taking
> action (probably electing to ignore the package) if for whatever reason
> a checksum is inconsistent?
>
I agree with this suggestion, but would like the checking to be made even
stronger.
I would prefer that the package signature is checked against the repo
signing key to be sure that the package hasn't been tampered with or been
corrupted along the way.
Ben Stanley.
More information about the Pulp-list
mailing list