Hi.

On Tue, 11 Mar 2008 08:33:49 -0500, Matt Domsch wrote:

> I started looking into this. rpm -V verifies the md5sums of the
> individual files. Running 'rpm -V' for each rpm on the ccLiveCD-2.0
> only turned up a dozen or so packages with any changes at all, all of
> them trivial configuration changes.

Ah, I overlooked that path.

> rpm -V does not, AFAICT, try recreating the original rpm, to compare
> the gpg signature. For our purposes, I think it would be fair to
> assume, that if the package is signed, by one of the Fedora keys, and
> if its 'rpm -V' output was clean, that it is unchanged.

Yes, that would be true. rpm -V does not recreate the RPM, it does not have to. It just needs a (digitally signed) list of files along with their properties (size, mode, checksum).
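
The rule discussed in this message, sketched as an added example that is not part of the original e-mail: a package counts as unchanged only if it is signed by a trusted key and its `rpm -V` output is empty, and config-only differences are reported separately. The function names, the `signed_by_trusted_key` input (assumed to come from a separate signature check) and the sample output lines are constructed for illustration.

```python
import re

# One line of `rpm -V` output: attribute flags, optional file marker, path.
# The flag field is 8 or 9 characters depending on the rpm version;
# "." means the test passed, "?" means it could not be performed.
LINE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{8,9}|missing)\s+"
    r"(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$"
)

def parse_verify(output):
    """Return (flags, kind, path) for every file that rpm -V reported."""
    findings = []
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if m:
            findings.append((m.group("flags"), m.group("kind"), m.group("path")))
    return findings

def assess(signed_by_trusted_key, verify_output):
    """Apply the rule from the thread to one package.

    signed_by_trusted_key is an assumed input: the result of checking the
    package header signature against the distribution keys elsewhere.
    """
    if not signed_by_trusted_key:
        # Without a trusted signature the stored file list proves nothing.
        return "untrusted"
    findings = parse_verify(verify_output)
    if not findings:
        return "unchanged"
    if all(kind == "c" for _, kind, _ in findings):
        # Only files marked as configuration differ.
        return "config-only"
    return "modified"

# Constructed sample output, not taken from a real system.
SAMPLE_CONFIG_ONLY = (
    "S.5....T  c /etc/example.conf\n"
    ".......T  c /etc/sysconfig/example\n"
)
SAMPLE_MODIFIED = (
    "S.5....T  c /etc/example.conf\n"
    "..5....T    /usr/bin/example\n"
    "missing     /usr/share/doc/example/README\n"
)

if __name__ == "__main__":
    for name, out in [("config-only", SAMPLE_CONFIG_ONLY), ("modified", SAMPLE_MODIFIED)]:
        print(name, "->", assess(True, out))
```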