[Rpm-maint] RPM 4.14.2-rc1 released!
Panu Matilainen
pmatilai at redhat.com
Fri Jun 29 12:38:40 UTC 2018
We don't usually bother with release candidates for stable tree updates,
but this one is an exception for a reason - it's a big one.
The Big Thing here is the addition of a package verification step to
transactions which verifies the entire package prior to starting the
transaction. By default, only a valid digest coverage for the entire
package is required but this can be configured (with %_pkgverify_level
macro, see main macros file for details) to require a valid signature,
and there we have an enforcing signature policy. Finally.
This is intentionally implemented in a way that it forces depsolvers to
learn new tricks in order to bypass. It's also supposed to be
transparent, so well-behaved rpm API clients should just work. Knock
wood, but hence the rc.
And since I know you're all wondering by now: such a big feature is not
something we usually backport to existing releases, the reason for this
exception is that this was always planned for rpm 4.14, it's just that
we missed the original deadline by a year. Oops.
Beyond the verification thing, there's the usual assortment of bugfixes
and minor enhancements all over the place, from a whole bunch of
different contributors.
For details and download info, head to
http://rpm.org/wiki/Releases/4.14.2
Please try and test as many scenarios and clients as possible.
On behalf of the #rpm-team,
- Panu -
More information about the Rpm-maint
mailing list