James Antill wrote: > IMO, as has been said before, if you have a delta method that doesn't > produce the exact same bits at the end ... you've probably failed. It > might seem like a good idea, but even if you go to the extreme lengths > needed to make it just for yum ... things like reposync won't be able > to use it, Eg. > > http://james.fedorapeople.org/python/delta-rpm-dir.py I realize there's a lot of stuff sitting on top of RPM that depends on how it works currently, but in terms of correctness, it still seems to me to make more sense to sign the uncompressed data, since that's what actually gets used, and it would avoid issues like https://fedorahosted.org/rel-eng/ticket/4224 which will have to be dealt with periodically as long as compression continues to improve. So let me rephrase the question: in an alternate universe where RPM was originally designed to sign the uncompressed data, and the higher-level tools were subsequently designed to work with that, is there any fundamental reason why things would be worse (or better) than they are now? (Again, sorry for not replying in-thread, but Gmane isn't updating.)
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
