[Rpm-maint] [rpm-software-management/rpm] RFE: add a digest on the compressed payload content (#163)

Colin Walters notifications at github.com
Wed Mar 1 13:47:31 UTC 2017


In practice though, people shouldn't be using raw `rpm` to install RPMs.  They should (and 90% of the time are) using a higher level system like zypper, yum, or rpm-ostree.  

These systems all consume "rpm-md/yum" metadata, which obviously today has a checksum over the content, which can be verified without opening the RPM.

I know they're not the same - having a checksum just over the content as opposed to header+content should (AIUI) allow us to GPG sign without invalidating the content checksum (right?).

But it's surprising to me that we'd do something here without (apparently) considering how it interacts with rpm-md.


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/163#issuecomment-283343716
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20170301/710336e7/attachment.html>


More information about the Rpm-maint mailing list