Re: Fedora 34 Change: Signed RPM Contents (late System-Wide Change)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/22/21 1:33 AM, Matthew Miller wrote:
On Thu, Jan 21, 2021 at 03:16:47PM -0800, Kevin Fenzi wrote:
I defer to Patrick, but I think what he was trying to say is that if you
do not have the rpm-plugin-ima installed, nothing changes in the files
you are installing from rpm. They are exactly the same as they would be
if they were not ima signed. It's only after you install the
rpm-plugin-ima and install a rpm that it puts the signatures down in the
files extended attributes.

Oh! I hadn't caught that in the original description (and it's much more
clear now in the revised change proposal). That very much lessens the impact
of this change!

It does, but the hex-encoded signatures in headers bloat everybodys rpmdb and add up in download sizes, whether used or not. That matters at least to the container folks who are desperate about the rpmdb size as it is. So at the very least a more efficient encoding should be used to minimize the penalty to *everybody* whether they use this feature or not.

	- Panu -
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux