On Wednesday 02 April 2008, Jeff Spaleta wrote: > On Wed, Apr 2, 2008 at 12:31 PM, Benny Amorsen > <benny+usenet@xxxxxxxxxx<benny%2Busenet@xxxxxxxxxx>> > > wrote: > > It's sad that more dependencies are needed for something as basic as > > yum, > > Who you prefer that yum grow its own gpg implementation in order to > correctly verify the gpg signatures on packages? > > Why is code reuse sad? Reuse is not sad per se, but if this is indeed for checking package signatures, rpm can do it and I assume the functionality to do it is exposed to python from it - wouldn't it be better to reuse it from rpm instead of pulling in an additional library for doing the same thing? Of course, there may be good reasons to do it this way; I'm nowhere near familiar enough with yum or rpm APIs or their development directions to be able to tell. WAG: Or perhaps this is for checking signatures on something else than packages, eg. repodata? -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
