[CentOS-devel] kdebindings-3.5.4-6.el5.src.rpm seems to be wrong
lfarkas at lfarkas.org
Tue Apr 21 23:44:21 UTC 2009
Jeff Johnson wrote:
> On Apr 21, 2009, at 6:10 PM, Jeff Johnson wrote:
>> Its easy enough to create a reproducer:
>> 1) build some package
>> 2) use dd to truncate some of the payload.
>> 3) sign the package
>> 3) verify the signature.
> If this reproduces the issue, I can pretty easily send you a
> patch that compares before and after header+payload MD5 digest
> and warns/errors if the two values do not match while signing.
then you'd have to send to the upstream rpm, but i'd be more happy to
fix #495689 and be able to use 5.3's rpm with mock-0.9 instead of 5.2's
Levente "Si vis pacem para bellum!"
More information about the CentOS-devel