[Rpm-maint] [rpm-software-management/rpm] Support uncompressed/reconstructed payloads (#861)
notifications at github.com
Wed Sep 25 08:42:05 UTC 2019
> deltarpm would also need to be changed to strip away all header+payload digests/signatures from the signature header.
On that note... the grand plan is to drop header+payload digests/signatures from rpm, except as a legacy compatibility option. Adding a strong (and signed if package is signed) digest for the payload alone was a pre-requisite for that, and it's also the reason the verify code is written the way it is: for packages built on rpm >= 4.14 you can already disable header+payload digests/signatures without sacrificing security at all. And in this setting, whether the payload is compressed or not is ultimately totally uninteresting.