On Wed, Jun 25, 2008 at 9:25 PM, Jeff Johnson <[EMAIL PROTECTED]> wrote:
> > On Jun 25, 2008, at 3:10 PM, Tim Mooney wrote: > > >> :-) I personally don't care about the loss of vendor signatures. Since >> I'm not very familiar with RPM internals, I'm not sure what all the >> implications are for the loss of header+payload MD5, but I'm guessing >> most RPM users won't care. >> >> > Well you may not *think* you care, but this thread (like most) points out > that > vendor *.rpm packages cannot be resigned with modern RPM. > > Modern == what has been widely deployed for 6+ years. > > Until vendors change their packaging, the existence (or not) > of a converter changes nothing whatsoever. Lusers will download > vendor *.rpm packages and be surprised that they cannot resign. Why lusers want to resign package they have not created in first place: if they want signed package, well, they have to ask the vendor alongside the pub key - they have already paid anymore. I am perhaps a lusers, more yes that not, but i don't do this never. Best Regards > > ______________________________________________________________________ > RPM Package Manager http://rpm5.org > Developer Communication List rpm-devel@rpm5.org >