[CentOS-devel] kdebindings-3.5.4-6.el5.src.rpm seems to be wrong
Jeff Johnson
n3npq at mac.com
Tue Apr 21 22:14:50 UTC 2009
On Apr 21, 2009, at 6:10 PM, Jeff Johnson wrote:
>
>
> Its easy enough to create a reproducer:
>
> 1) build some package
> 2) use dd to truncate some of the payload.
> 3) sign the package
> 3) verify the signature.
>
If this reproduces the issue, I can pretty easily send you a
patch that compares before and after header+payload MD5 digest
and warns/errors if the two values do not match while signing.
73 de Jeff
More information about the CentOS-devel
mailing list