> but repomd.xml isn't at issue, actually. The metadata you're concerned > with is impacted by --unique-md-filenames. sure, and that --unique-md-filenames is very smart but what if the mirror gave me a CGI generated repomd.xml having the same time timestamp as the request and then yum will ignore the real repomd.xml and will assume that any mirror having the real sums to be the corrupted ones > I believe the metalinks one will be available and fedora SHOULD be gpg > signing repomd.xml files in F10 though I'm not positive what the status is > on that. looking forward because while using yumdownloader to compose my own media it gave me some rpms with corrupted sums (I noticed that when I run repomanago -o .) I did not report it because I could not reproduce it because each time I got different mirrors but this could be related https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=470380 _______________________________________________ Yum mailing list Yum@xxxxxxxxxxxxxxxxx http://lists.baseurl.org/mailman/listinfo/yum
