[Rpm-maint] [rpm-software-management/rpm] Update format documentation in the manual (PR #2835)
Panu Matilainen
notifications at github.com
Tue Jan 9 08:55:01 UTC 2024
@pmatilai commented on this pull request.
> +they store can be found [here](signatures_digests.md).
+
+RPM v4 packages are expected to contain at least one of SHA1HEADER or SHA256HEADER
+tags, providing a cryptographic digest of the main header, and may contain one
+or both of the PAYLOADDIGEST and PAYLOADDIGESTALT tags, providing a cryptographic
+digest of the package payload in the compressed and uncompressed forms, respectively.
+
+If the package has been cryptographically signed using OpenPGP, an RSAHEADER or
+DSAHEADER tag ought to be present, which contains an OpenPGP signature of the
+package header. Which tag is present depends on which of the two (supported)
+OpenPGP algorithms was used at signing time. Using a key based upon the RSA
+algorithm to sign the package will result in the signature being stored in the
+RSAHEADER tag, whereas the use of the EdDSA (ed25519) algorithm will use the
+DSAHEADER tag instead. The name of the DSAHEADER tag is a historical artifact,
+it originally referred to the long-obsolete DSA algorithm but was later reused
+for EdDSA (ed25519) signatures.
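Review bot: "ought to be present" in the signing paragraph does not tell the reader whether a signed v4 package must carry RSAHEADER or DSAHEADER, which is the point a verifier implementer needs from a format reference. Suggest stating it as a fact of the format ("an RSAHEADER or DSAHEADER tag is present") or saying explicitly how a package with neither tag should be treated. In the same paragraph, "two (supported) OpenPGP algorithms" would read more clearly if it named them right there (RSA and EdDSA) rather than leaving that to the following sentences, and the final sentence is a comma splice: "is a historical artifact, it originally referred" reads better as "is a historical artifact: it originally referred".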
Possible? Technically yes but it doesn't make it any more right or any easier for the user, only more confusing.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/2835#discussion_r1445797752