[CentOS-devel] signing drpms
Jeff Johnson
n3npq at mac.com
Wed Sep 28 15:13:44 UTC 2011
On Sep 27, 2011, at 8:17 PM, Karanbir Singh wrote:
> hi
>
> I've noticed that no one seems to be signing drpms. Is there a reason
> for that? Or is it just down to inconvenient (it's a bit messy needing
> to get drpms into secure-box type environments), and of academic
> interest (in that the re-assembled rpm will be signed, and need to go
> through a verify process).
>
drpms are a binary patch to *.rpm … after application the patched end result
*.rpm has digests and (if present in the original) a signature.
You will have to look at yum to detect how/where/if that signature is verified
after drpm patching.
Additional signatures for drpm patches could be done. Yes, very messy
and overly complex as a distribution means. rsync of *.rpm instead of drpm
is perhaps a sounder/saner/simpler approach to distributing software. drpms
are focussed on minimum bandwidth usage as highest priority.
73 de Jeff
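
Added example, not part of the original message: a small Python check that lists which digest and signature tags the signature header of a reassembled *.rpm actually carries, so an unsigned rebuild is noticed before it is trusted. The function names and the constructed sample bytes are assumptions of this example; it only reports presence, and the cryptographic verification itself is still done by `rpm -K` against imported keys.

```python
import struct

LEAD_SIZE = 96                       # fixed-size rpm lead precedes the signature header
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HEADER_MAGIC = b"\x8e\xad\xe8\x01"   # header magic plus version byte

# Signature-header tag numbers as defined in rpm's rpmtag.h
DIGEST_TAGS = {269: "SHA1 header digest", 273: "SHA256 header digest",
               1004: "MD5 header+payload digest"}
SIGNATURE_TAGS = {267: "DSA header signature", 268: "RSA header signature",
                  1002: "PGP header+payload signature",
                  1005: "GPG header+payload signature"}

def signature_header_tags(blob):
    """Return the tag numbers found in the signature header index."""
    if blob[:4] != LEAD_MAGIC:
        raise ValueError("not an rpm: bad lead magic")
    intro = blob[LEAD_SIZE:LEAD_SIZE + 16]
    if len(intro) < 16 or intro[:4] != HEADER_MAGIC:
        raise ValueError("signature header missing or truncated")
    nindex, _hsize = struct.unpack(">II", intro[8:16])
    index = blob[LEAD_SIZE + 16:LEAD_SIZE + 16 + 16 * nindex]
    if len(index) != 16 * nindex:
        raise ValueError("signature header index truncated")
    # Each index entry is (tag, type, offset, count), big-endian 32-bit each.
    return [struct.unpack(">IIII", index[i:i + 16])[0]
            for i in range(0, len(index), 16)]

def classify(blob):
    """Split the tags present into (digests, signatures), by description."""
    tags = signature_header_tags(blob)
    digests = [DIGEST_TAGS[t] for t in tags if t in DIGEST_TAGS]
    signatures = [SIGNATURE_TAGS[t] for t in tags if t in SIGNATURE_TAGS]
    return digests, signatures

def build_sample(tags):
    """Constructed sample: lead + signature header index only, dummy data."""
    lead = LEAD_MAGIC + b"\x00" * (LEAD_SIZE - 4)
    index = b"".join(struct.pack(">IIII", t, 7, 0, 1) for t in tags)  # type 7 = BIN
    intro = HEADER_MAGIC + b"\x00" * 4 + struct.pack(">II", len(tags), 1)
    return lead + intro + index + b"\x00"

if __name__ == "__main__":
    for name, tags in (("digests only", [62, 1000, 1004, 269]),
                       ("signed", [62, 268, 269, 1000, 1002, 1004])):
        digests, signatures = classify(build_sample(tags))
        print(name, "->", digests, signatures or "NO SIGNATURE PRESENT")
```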