On Fri, May 31, 2019 at 7:58 AM Martin Kolman <mkolman@xxxxxxxxxx> wrote: > I guess we can't just switch what the signature refers to as there are other tools > that do this kind of verification on the compressed data, not just delta-RPM, right ? > > So maybe, could we attach a second signature computed on the uncompressed payload ? > Delta-RPM could then use that to verify the reconstructed package & would be crazy fast, > as the slow XZ compression will no longer be needed to be performed client-side to verify > the signature. "something like 90% of packages are below 1MB compressed" (ajax upthread) How about only doing deltarpm on a subset of large packages: firefox, libreoffice, etc, whose most recent RPMs are retained locally? Now rebuilding the oldrpm doesn't need to happen. The space for the oldrpm is needed anyway for the rebuild. Why not keep it, instead of rebuilding? -- Chris Murphy _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx