Re: No more deltarpms by default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Am 17.10.2014 um 10:55 schrieb Roberto Ragusa:
On 10/06/2014 07:25 PM, Reindl Harald wrote:

the last discussions suggested that the result needs to be *identical* to the full RPM downloaded for not break signatures

Bizarre design; the signature should protect the content (uncompressed), not
the transport method (compressed)

no - it is a smart design besides the topic

the whole RPM package is signed and so you can verify the integrity without unpack it first - the history showed security flaws more than once just uncompress untrusted archives

https://www.google.at/search?q=attack+uncompress

and it is a smart design in general:
RPM don't need to know anything about deltarpms the way it is implemented just because RPM has not to deal with that and only faces the rebuilt package


Attachment: signature.asc
Description: OpenPGP digital signature

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux