[Rpm-announce] RPM 4.14.2 released!
Panu Matilainen
pmatilai at redhat.com
Tue Aug 21 11:23:34 UTC 2018
This is a bug fix and enhancement update to the stable 4.14.x branch,
with the usual assortment of relatively small changes across the board.
With one exception. The Big Thing here is the addition of a package
verification step to transactions which verifies the entire package
prior to starting the transaction. By default, only a valid digest
coverage for the entire package is required but this can be configured
(with %_pkgverify_level macro, see main macros file for details) to
require a valid signature, and there we have an enforcing signature
policy. Finally.
This is intentionally implemented in a way that it forces depsolvers to
learn new tricks in order to bypass. It's also supposed to be
transparent, so well-behaved rpm API clients should just work. Based on
the almost non-existent complaints from the release-candidates, they
typically do.
Such a big feature is not something we usually backport to existing
releases, but the reason for this exception is that this was always
planned for rpm 4.14, it's just that we missed the original deadline by
a year. Oops.
Oh and of course, details and download info in the usual place:
http://rpm.org/wiki/Releases/4.14.2
On behalf of the #rpm-team,
- Panu -
More information about the Rpm-announce
mailing list