-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 27 Jun 2014 11:35:20 -0600 Kevin Fenzi <kevin@xxxxxxxxx> wrote: > On Fri, 27 Jun 2014 19:23:04 +0200 > drago01 <drago01@xxxxxxxxx> wrote: > > > Why? > > My understanding of the process as it exists: > > Download drpm. > Take drpm contents + old package files installed locally that were not > changed and create updated rpm. > yum/dnf hands off this updated new version to rpm as normal. > > If they didn't create the orig rpm, it would require rpm to handle > drpms differently and apply them somehow on existing files and update > rpmdb. If the drpms were signed, only those parts of the package that > changed in that drpm could be verified, the rest of the ones from the > filesystem would just be whatever was on the filesystem. additionally the drpms are created at repo creation time and are never available to the signing process. we would have to redo and rethink how we make deltarpms. which would open up a massive can of worms that would likely result in much wasted effort. Dennis -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJTss+aAAoJEH7ltONmPFDRW4wP/RmPoKSW46VImnYuDdI+KPaO PQp/Mg9InbsuRr6Re+o2pk+fOlxZoDY0P8G9xuzuoi9j8CMh+nIENx7/GEQa3wh/ D8YpQRLZtNFnNRFB6aJm9hgWrjTtBG5YB+xc+ROXo65s/vqhYKbjCoxgl+u4ZL/l jwW7Z0pgtoAzxPrceLIjn5MrwTGin7oVcsHMnghP8+/svM2al9x1M6Jx1kzO0NGy h3L1ClkUXCM2lVsuib79fETMAICF40EGZQPZ5/RErJ5FYmu3ldif7crt/qydtA9u 8XaN6xIdc2EW7L2aqy2MYuKzxwwfpHcXg/W6WCjS2/Zd+UJMVpg8ZHIv4wOR+Eww LXfz2RHThn0siLti2WenH6pm+UagipvSGJesoVu/igdgoa9UCOtH/w+MePO1OoIv QcvtCzQ9zmDdzJoA/bsbwo9QIThtlCXCU7AT6JAbOVwZlkXvatjpUCjjmo5gWyuD XNMEIvvEkna975+TU8Y4atkkSRxIt3tOFdkzbV4nrS0OPclP9TSpsUt4zsJecosl +mT2ca2JihJfJkJXe0e1k+QZPaAon+VYHMGq6n/+T8zwjH2277ct3pn9jE2iUT62 WvubEOw6Q8jrEiBBEgfgG6uyucW49Q0jqSnyrOosikrfvwH4Inp3viO0zj7bB+yA bpktGNj51E6Qk8HkWzkX =QpUV -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
