[CentOS-devel] kdebindings-3.5.4-6.el5.src.rpm seems to be wrong

Farkas Levente lfarkas at lfarkas.org
Tue Apr 21 23:44:21 UTC 2009


Jeff Johnson wrote:
> On Apr 21, 2009, at 6:10 PM, Jeff Johnson wrote:
> 
>>
>> Its easy enough to create a reproducer:
>>
>> 1) build some package
>> 2) use dd to truncate some of the payload.
>> 3) sign the package
>> 3) verify the signature.
>>
> 
> If this reproduces the issue, I can pretty easily send you a
> patch that compares before and after header+payload MD5 digest
> and warns/errors if the two values do not match while signing.

then you'd have to send to the upstream rpm, but i'd be more happy to
fix #495689 and be able to use 5.3's rpm with mock-0.9 instead of 5.2's
rpm:-)

-- 
  Levente                               "Si vis pacem para bellum!"


More information about the CentOS-devel mailing list