Le dimanche 12 mars 2006 à 16:21 +0100, Ralf Ertzinger a écrit : > It has been proposed to add a field to the RPM file headers that can > be set by the packager to indicate where the package came from. This requires > work on the behalf of all packagers/repositories, and is thus not likely > to work (in my opinion), or it will take a long time to actually show effect. Why do you need a separate header/field/whatever ? You *already* have this field - that's the GPG signature. Assign weights to signing keys and you're done (this solves rpm/yum, manual rebuilds, p.r.c. repos, it's so natural that's not even funny considering we're been ignoring it so long) You'll note Fedora *already* recognizes keys are a discriminant - different keys are used for different repos (Core, Security, etc) (Of course that would require Fedora to implement the long-awaited rawhide signing. Virtuous circle - you do something for one reason, and it has good side effects on other problems) Regards, -- Nicolas Mailhot
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
