I've replaced the SNAPSHOT tarball. I'll roll the final tarball tomorrow, scrubbing out the cruft.
All packages produced from rpmbuild are DSA signed and verify when installing, or through --checksig. All headers with RPMTAG_PUBKEY (the tag used to store the pubkey in the header) are indexed in an rpmdb without the clunkiness of "gpg-pubkey" wrappers. Every package in a build set carries a pubkey that can verify the signature of any other package in the same buildset. tick tock 73 de Jeff ______________________________________________________________________ RPM Package Manager http://rpm5.org Developer Communication List rpm-devel@rpm5.org
