Time to resurrect multi-key signatures in RPM?
Bojan Smojver
bojan at rexursive.com
Tue Aug 26 03:57:04 UTC 2008
Bojan Smojver <bojan <at> rexursive.com> writes:
> Are these things exceptions to the rule or do majority of package have this
> kind of thing built in?
Actually, it should be quite easy to verify this. If someone from Red Hat could
run 'ls *.rpm | sort | while read pkg; do echo -en "$pkg\t"; rpm2cpio < $pkg |
sha1sum; done' for all Fedora packages built in koji of a distro/arch (say
F9/i386) and if Matt could do the same on his Dell build farm, we'll clearly see
what gives different checksums of cpio archives.
--
Bojan
More information about the fedora-devel-list
mailing list