[Rpm-maint] [rpm-software-management/rpm] RPM signature verification for files from installed packages (Issue #2671)

Neal Gompa (ニール・ゴンパ) notifications at github.com
Tue Sep 19 01:02:28 UTC 2023


> The issue however is neither Fedora, nor RHEL keeps intermediate update packages on the server, so it's quite a common configuration to have packages are installed where the source Fedora/RHEL packages cannot be downloaded or found anywhere on the Internet since they have been deprecated and replaced with newer updates.

Two things:

1. RHEL does keep intermediate packages published forever. RHEL derivatives may not necessarily do that, though.
2. Fedora has a huge archive repo that is not shipped/enabled by default that keeps all shipped updates for a release. If you install the `fedora-repos-archive` package, you'll get the updates archive. It's used by Fedora CoreOS primarily, but it's available to any Fedora user to use optionally.

That said, the problem you describe is potentially worth solving regardless.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2671#issuecomment-1724679899
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/issues/2671/1724679899 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20230918/b1a59b52/attachment-0001.html>


More information about the Rpm-maint mailing list