[Rpm-maint] [rpm-software-management/rpm] multiple signatures support? (#189)

Jeff Johnson notifications at github.com
Wed Oct 18 16:20:09 UTC 2017


@jcpunk ECM == Electronic Content Management signatures?

Integrating RPM (actually GPG) signatures with ECM is a much more complex issue than whether multipole signatures are permitted into *.rpm package files.

Treating a *.rpm file as static content with an appended ECM signature is entirely feasible. The GPG signature used by RPM is then just part of the content verified by the ECM signature.

This is no different than appending a signature to a *.rpm file. Of course the resulting file is then no longer readable by rpm itself until the appended signature (and whatever other format changes are performed) is reverted.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/189#issuecomment-337646442
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20171018/412ad060/attachment.html>


More information about the Rpm-maint mailing list