On 11/11/2010 07:17 AM, Andre Robatino wrote: > in an alternate universe where RPM was originally > designed to sign the uncompressed data, and the higher-level tools were > subsequently designed to work with that, is there any fundamental reason > why things would be worse (or better) than they are now? The bytes that are signed would be "farther away" from the contents of the .rpm file. The compression would occur in between the signing and packing the file, so the signing would be less "end-to-end" with respect to packing the contents into the file. This changes the data integrity implications of signature that does not match. Some uses want more protection against "mere transmission errors" of the file, other uses want more independence of the various steps in a larger process (ability to change compression without changing signature, for example.) -- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
