Bill Crawford píše v Čt 26. 02. 2009 v 11:55 +0000: > The hash for the original file is stored in the rpm database, as part of the > headers. Sure. > Why wasn't a new tag created, or why doesn't the new shiny rpm mark > the entry in some way to indicate that it's a "new" hash? There is a new tag. > Isn't the new hash > bigger anyway? In which case it should be able to tell what kind of hash it is > (just like the password encryption routines can recognise the difference > between an md5 and an sha1 hash) Of course rpm can tell. > ... and run the old checksum code on the file > on the machine, before replacing it with the new file and the new hash. That answers the question whether the user has modified the file. It doesn't answer the question whether the packager has modified the shipped file between the two rpm package versions. > Is this actually rocket science? I don't know, is rpm used on rocket guidance systems nowadays? Mirek -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
