[CentOS-devel] kdebindings-3.5.4-6.el5.src.rpm seems to be wrong

Jeff Johnson n3npq at mac.com
Tue Apr 21 23:14:50 UTC 2009


On Apr 21, 2009, at 6:10 PM, Jeff Johnson wrote:

>
>
> Its easy enough to create a reproducer:
>
> 1) build some package
> 2) use dd to truncate some of the payload.
> 3) sign the package
> 3) verify the signature.
>

If this reproduces the issue, I can pretty easily send you a
patch that compares before and after header+payload MD5 digest
and warns/errors if the two values do not match while signing.

73 de Jeff


More information about the CentOS-devel mailing list