On Wed, Sep 23, 2009 at 5:14 PM, Seth Vidal <skvidal@xxxxxxxxxxxxxxxxx> wrote: > > > On Wed, 23 Sep 2009, drago01 wrote: > >> On Wed, Sep 23, 2009 at 5:11 PM, Seth Vidal <skvidal@xxxxxxxxxxxxxxxxx> >> wrote: >>> >>> >>> On Wed, 23 Sep 2009, drago01 wrote: >>> >>>> Does not matter which compression algorithm we use creating a >>>> compressed rpm just to uncompressed it again shortly after that is a >>>> waste of cycles/power/time. >>> >>>> As for the GPG signature ... can't the drpm itself be signed? >>> >>> We'd need to do that signing which would take, umm, forever. >> >> What? You mean at compose time? (Signing on the client side would not >> make much sense) > > I mean on the server/repo side. The steps we'd need to do for a full release > would be: > > 1. compose tree > 2. sign pkgs in tree > 3. make deltarpms of pkgs vs older tree > 4. sign deltarpms > 5. generate repository metadata > > that would take a long time. Yeah but if you take into account the time saved on x clients it would be worth it (assume x is very high). How long would the extra signing process take? -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
