[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: yum-presto not on by default





On Wed, 23 Sep 2009, Jonathan Dieter wrote:

As I think may have been mentioned elsewhere, the *only* problem is that
the rpm signatures must match and the signatures are over the
*compressed* rpm.

I would *love* to see deltarpm rebuilding uncompressed rpms, but that
will require storing two signatures per rpm in the metadata (compressed
and uncompressed sha256), and either modifying yum to check the
appropriate one, or deltarpm to change the rpm's signature to the
uncompressed one.

I don't think we want to go down the road of having deltarpm-rebuilt
rpms not having their signature checked at all.

I agree about having to deal with the signatures but as a minor mitigating circumstance - we're going to be gpg signing the repomd.xml - which should at least help you keep a safe infrastructure down to the deltarpm metadata.

-sv


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]