On Sat, Sep 26, 2009 at 9:53 AM, Kevin Kofler <kevin.kofler@xxxxxxxxx> wrote: > drago01 wrote: >> As for the GPG signature ... can't the drpm itself be signed? > > If the metadata is getting signed, it basically is already. The metadata > contains a checksum of the DRPM, so if the metadata passes the signature > check and the DRPM matches the checksum, the DRPM's integrity and > uncompromisedness is verified. So I think it's safe to disable the checksum > check for the rebuilt RPMs entirely. Well if this is the case then we can simply not compress the generated rpms, problem solved. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
