hi
I've noticed that no one seems to be signing drpms. Is there a reason for that? Or is it just down to inconvenience (it's a bit messy needing to get drpms into secure-box type environments), and of academic interest (in that the re-assembled rpm will be signed, and need to go through a verify process).
- KB
On Sep 27, 2011, at 8:17 PM, Karanbir Singh wrote:
> hi
> I've noticed that no one seems to be signing drpms. Is there a reason for that? Or is it just down to inconvenience (it's a bit messy needing to get drpms into secure-box type environments), and of academic interest (in that the re-assembled rpm will be signed, and need to go through a verify process).
drpms are a binary patch to *.rpm … after application the patched end result *.rpm has digests and (if present in the original) a signature.
You will have to look at yum to detect how/where/if that signature is verified after drpm patching.
Additional signatures for drpm patches could be done. Yes, very messy and overly complex as a distribution means. rsync of *.rpm instead of drpm is perhaps a sounder/saner/simpler approach to distributing software. drpms are focussed on minimum bandwidth usage as highest priority.
73 de Jeff
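
The reply above notes that the rpm rebuilt from a drpm carries digests and, if the original had one, a signature. As an added example (not code from this thread, from yum or from rpm), the sketch below reads the signature header of an RPM v4 file and reports whether any signature tag is present, so a digest-only result can be rejected before installation. It checks presence only; cryptographic verification still has to be done by rpm's own signature check. `build_sample` produces constructed input, and the function names are hypothetical.

```python
import struct

LEAD_MAGIC = b"\xed\xab\xee\xdb"      # start of the 96-byte RPM lead
HEADER_MAGIC = b"\x8e\xad\xe8\x01"    # start of a header structure (magic + version 1)
LEAD_SIZE = 96

# Signature-header tags defined by the RPM v4 format.
SIGNATURE_TAGS = {267: "DSA", 268: "RSA", 1002: "PGP", 1005: "GPG"}
DIGEST_TAGS = {269: "SHA1", 273: "SHA256", 1004: "MD5"}


def signature_header_tags(rpm_bytes):
    """Return the tag numbers found in the signature header of an RPM."""
    if rpm_bytes[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM: bad lead magic")
    intro = rpm_bytes[LEAD_SIZE:LEAD_SIZE + 16]
    if len(intro) < 16 or intro[:4] != HEADER_MAGIC:
        raise ValueError("signature header missing or truncated")
    # 4 bytes magic, 4 reserved, then entry count and data-store size (big endian)
    nindex, hsize = struct.unpack(">II", intro[8:16])
    index_end = LEAD_SIZE + 16 + 16 * nindex
    if index_end + hsize > len(rpm_bytes):
        raise ValueError("signature header runs past end of file")
    tags = []
    for off in range(LEAD_SIZE + 16, index_end, 16):
        tag, _type, _offset, _count = struct.unpack(">IIII", rpm_bytes[off:off + 16])
        tags.append(tag)
    return tags


def classify(rpm_bytes):
    """Summarise the integrity material a (reassembled) package carries."""
    tags = signature_header_tags(rpm_bytes)
    sigs = sorted(SIGNATURE_TAGS[t] for t in tags if t in SIGNATURE_TAGS)
    digests = sorted(DIGEST_TAGS[t] for t in tags if t in DIGEST_TAGS)
    return {"signed": bool(sigs), "signatures": sigs, "digests": digests}


def build_sample(tags):
    """Constructed input: a lead plus a signature header with an empty data store."""
    lead = LEAD_MAGIC + b"\x00" * (LEAD_SIZE - 4)
    intro = HEADER_MAGIC + b"\x00" * 4 + struct.pack(">II", len(tags), 0)
    index = b"".join(struct.pack(">IIII", t, 7, 0, 0) for t in tags)
    return lead + intro + index


if __name__ == "__main__":
    print(classify(build_sample([1004, 269])))        # digest-only package
    print(classify(build_sample([1004, 269, 268])))   # carries an RSA signature tag
```
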