On 11/8/21 01:23, Demi Marie Obenour wrote:
On 11/7/21 12:15 AM, Sumit Bhardwaj wrote:
It is not always about speed. There are still plenty of places in the world
where people are on limited data plans and to them using delta rpms makes a
lot of sense. They can work with slow speeds but not with high data
expenses. So i feel turning it on by default and having a setting to turn
it off is still a sane choice. Just my 2 cents.
Regards,
Sumit Bhardwaj
I recommend that deltarpms be disabled by default as they increase attack
surface. Users who need deltarpms to be enabled can turn them on manually.
In the future, deltarpms should be cryptographically signed, which would
mitigate these concerns.
This has been discussed before. The deltarpms don't need to be signed,
it's irrelevant. The resulting rpm is signed and the signature is
checked before installing.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
