On 06/29/2014 12:32 PM, drago01 wrote:
> On Sun, Jun 29, 2014 at 1:55 AM, Jonathan Dieter <jdie...@lesbg.com> wrote:
>
>> 2. RPM would also need to support signatures across the uncompressed payload
>> as well as the compressed payload.
>
> Well Florian said that only the header is actually signed not the
> payload. So this shouldn't be necessary.

I missed that the information that the payload is XZ-compressed is likely signed (hard to tell because the current RPM format isn't documented). So we'd need a fake XZ implementation that produces an essentially uncompressed data stream (xz -0 still compresses).

In the meantime, we could try to reduce the compression level to 0 unconditionally in applydeltarpm.

--
Florian Weimer / Red Hat Product Security
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
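
Added example, not part of the thread and not RPM or deltarpm code: a minimal writer for the "essentially uncompressed" XZ stream discussed above, built only from LZMA2 stored chunks so the payload still identifies as XZ and standard decoders accept it. The function names are hypothetical, the sample payload is constructed, and the container layout follows the .xz file format.

```python
import lzma
import struct
import zlib

CHUNK_MAX = 1 << 16  # an LZMA2 stored chunk holds at most 64 KiB


def crc32(b):
    return struct.pack("<I", zlib.crc32(b) & 0xFFFFFFFF)


def varint(n):
    """XZ multibyte integer: 7 bits per byte, high bit means 'more follows'."""
    out = bytearray()
    while n >= 0x80:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(out + bytes([n]))


def pad4(b):
    return b + b"\x00" * (-len(b) % 4)


def store_xz(data):
    """Wrap data in a valid .xz stream using only stored (uncompressed) chunks."""
    flags = b"\x00\x01"  # stream flags: integrity check type CRC32
    # Block header: size byte, block flags (one filter), LZMA2 filter id 0x21,
    # one property byte (0x10 = 1 MiB dictionary), zero padding, then CRC32.
    hdr = pad4(b"\x02\x00\x21\x01\x10")
    hdr += crc32(hdr)
    body = bytearray()
    for i in range(0, len(data), CHUNK_MAX):
        chunk = data[i:i + CHUNK_MAX]
        # Control 0x01: stored chunk with dictionary reset; 0x02: stored chunk.
        body += bytes([1 if i == 0 else 2]) + struct.pack(">H", len(chunk) - 1) + chunk
    body += b"\x00"  # end-of-data marker
    check = crc32(data)
    unpadded = len(hdr) + len(body) + len(check)
    index = pad4(b"\x00\x01" + varint(unpadded) + varint(len(data)))
    index += crc32(index)
    tail = struct.pack("<I", len(index) // 4 - 1) + flags
    return (b"\xfd7zXZ\x00" + flags + crc32(flags) + hdr + pad4(bytes(body))
            + check + index + crc32(tail) + tail + b"YZ")


if __name__ == "__main__":
    payload = b"constructed sample payload " * 8000  # constructed input
    stored, level0 = store_xz(payload), lzma.compress(payload, preset=0)
    assert lzma.decompress(stored) == payload == lzma.decompress(level0)
    print(len(payload), len(level0), len(stored))
```

Run directly, it prints the payload size next to the preset 0 output and the stored stream; the stored stream is slightly larger than the input, while preset 0 is still much smaller.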
