[Rpm-maint] [rpm-software-management/rpm] RPMv6 proposal: Detached signatures (#1482)

Kevin Fenzi notifications at github.com
Sun Jan 17 19:59:50 UTC 2021


> @mlschroe Sadly, Fedora doesn’t sign its metadata.

We don't need to as we use metalinks. In the metalink is the checksum(s) for the valid repomd.xml file. If someone tampers with the repodata it will not match and the client will go on to the next one. But thats likely offtopic for this issue... so I will stop there.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1482#issuecomment-761870577
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20210117/fb4216a1/attachment.html>


More information about the Rpm-maint mailing list