[Pulp-list] checksumming downloads
Barnaby Court
bcourt at redhat.com
Thu Apr 30 14:18:26 UTC 2015
Hi, I agree that this should be the default behavior, however, checking based on both filesize and checksum can be turned on today by using the '--validate true'. Validating against the feed repo signing key or updating the default behavior would be a really good feature request for https://pulp.plan.io/projects/pulp_rpm/issues/new. Regards,
-Barnaby
On 04/30/2015 03:57 AM, ben.stanley at exemail.com.au wrote:
> > since all of this information is available
> > on feed sync: would it not be worth checksumming the download and taking
> > action (probably electing to ignore the package) if for whatever reason
> > a checksum is inconsistent?
> >
> I agree with this suggestion, but would like the checking to be made even
> stronger.
>
> I would prefer that the package signature is checked against the repo
> signing key to be sure that the package hasn't been tampered with or been
> corrupted along the way.
>
> Ben Stanley.
>
>
> _______________________________________________
> Pulp-list mailing list
> Pulp-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pulp-list
>
More information about the Pulp-list
mailing list