[Rpm-maint] [rpm-software-management/rpm] RFE: add a digest on the compressed payload content (#163)

Panu Matilainen notifications at github.com
Thu Mar 2 05:48:26 UTC 2017


What MD5? Besides being hopelessly outdated and vulnerable, nothing besides rpm -K actually verifies it. Yum/dnf certainly does not. And it lives in the signature header so you can just modify it at will.

Repository formats are just not relevant here, at all, no matter which way they're signed.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/163#issuecomment-283562982
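
Added example, not part of the original message and not rpm's own code: a check that reads the signature header of an RPM image and reports whether it carries a key-based signature or only keyless digests such as the MD5 discussed above. Tag numbers are those defined in rpm's rpmtag.h; the function names `sigheader_tags`, `classify` and `build_sample` are hypothetical, and the sample images are constructed.

```python
import struct

LEAD_MAGIC = b"\xed\xab\xee\xdb"      # start of the 96-byte RPM lead
HEADER_MAGIC = b"\x8e\xad\xe8\x01"    # header structure magic + version
LEAD_SIZE = 96

# Signature-header tag numbers as defined in rpm's rpmtag.h.
DIGESTS = {1004: "MD5", 269: "SHA1"}                       # keyless checksums
SIGNATURES = {267: "DSA", 268: "RSA", 1002: "PGP", 1005: "GPG"}

def sigheader_tags(blob):
    """Return the tag numbers in the signature header of an RPM image."""
    if blob[:4] != LEAD_MAGIC:
        raise ValueError("missing RPM lead magic")
    intro = blob[LEAD_SIZE:LEAD_SIZE + 16]
    if len(intro) < 16 or intro[:4] != HEADER_MAGIC:
        raise ValueError("missing signature header magic")
    nindex, hsize = struct.unpack(">II", intro[8:16])
    index = blob[LEAD_SIZE + 16:LEAD_SIZE + 16 + 16 * nindex]
    if len(index) < 16 * nindex or len(blob) < LEAD_SIZE + 16 + 16 * nindex + hsize:
        raise ValueError("truncated signature header")
    # Each index entry is tag, type, offset, count (big-endian uint32).
    return [struct.unpack(">IIII", index[i:i + 16])[0]
            for i in range(0, len(index), 16)]

def classify(blob):
    """'signed' if a key-based signature tag exists, else 'digest-only' or 'none'."""
    tags = sigheader_tags(blob)
    sigs = sorted(SIGNATURES[t] for t in tags if t in SIGNATURES)
    digs = sorted(DIGESTS[t] for t in tags if t in DIGESTS)
    if sigs:
        return "signed", sigs
    return ("digest-only", digs) if digs else ("none", [])

def build_sample(entries):
    """Constructed test image: lead + signature header only, BIN (type 7) entries."""
    index, store = b"", b""
    for tag, data in entries:
        index += struct.pack(">IIII", tag, 7, len(store), len(data))
        store += data
    header = HEADER_MAGIC + b"\0" * 4 + struct.pack(">II", len(entries), len(store))
    return LEAD_MAGIC + b"\0" * (LEAD_SIZE - 4) + header + index + store

if __name__ == "__main__":
    print(classify(build_sample([(1004, b"\x11" * 16)])))
    print(classify(build_sample([(1004, b"\x11" * 16), (268, b"\x22" * 64)])))
```

A "digest-only" result means nothing in the signature header is bound to a key, so the package's integrity rests entirely on whatever delivered it.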