I believe signatures are checked after packages are rebuilt from deltas. Therefore, if your delta is compromised, the resulting package won't validate with the signature. On 28 December 2012 11:40, Magnus Therning <magnus@xxxxxxxxxxxx> wrote: > On Fri, Dec 28, 2012 at 10:31 AM, Allan McRae <allan@xxxxxxxxxxxxx> wrote: >> On 28/12/12 05:27, Magnus Therning wrote: >>> Do these two features play nice together? >>> >> >> Why wouldn't they? > > No reason beyond that it requires extra code in pacman to make it > work. It could be a thing that's easily overlooked. > > /M > > -- > Magnus Therning OpenPGP: 0xAB4DFBA4 > email: magnus@xxxxxxxxxxxx jabber: magnus@xxxxxxxxxxxx > twitter: magthe http://therning.org/magnus -- Sébastien Leblanc
