On Sep 27, 2011, at 8:17 PM, Karanbir Singh wrote: > hi > > I've noticed that no one seems to be signing drpms. Is there a reason > for that ? or is it just down to inconvenient ( its a bit messy needing > to get drpms into secure-box type environments ), and of academic > interest ( in that the re-assembled rpm will be signed, and need to go > through a verify process ). > drpms are a binary patch to *.rpm … after application the patched end result *.rpm has digests and (if present in the original) a signature. You will have to look at yum to detect how/where/if that signature is verified after drpm patching. Additional signatures for drpm patches could be done. yes very messy and overly complex as a distribution means. rsync of *.rpm instead of drpm is perhaps sounder/saner/simpler approach to distributing software. drpms are focussed on minimum bandwidth usage as highest priority. 73 de Jeff