The advantage of a detached signature is that you don't have to modify
something in order to certify it. The disadvantage is that you have to have
both parts to validate.

Rpms are often signed with multiple keys over their lifetime. Embedded
signatures force us to choose between keeping mostly redundant copies, or
forever throwing away the previous signed copy. Koji dodges this by having the
ability to rip out an rpm signature header and splice it back in later,
effectively detaching the embedded signature.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/189#issuecomment-292628002
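The rip-and-splice idea described in the comment above, as an added example that is not part of the original message and is not Koji's or rpm's own code. It assumes the usual package layout (a 96-byte lead, then a signature header with a 16-byte intro, 16-byte index entries and padding to 8 bytes); the function names are hypothetical and the sample bytes are constructed placeholders, not real signatures.

```python
import struct

LEAD_SIZE = 96                   # fixed-size lead that precedes the signature header
HDR_MAGIC = b"\x8e\xad\xe8\x01"  # header magic (3 bytes) plus version byte

def hdr_size(buf: bytes, off: int = 0) -> int:
    """Size of the header structure at `off`, padded to an 8-byte boundary."""
    intro = buf[off:off + 16]
    if len(intro) < 16 or intro[:4] != HDR_MAGIC:
        raise ValueError("no header structure at offset %d" % off)
    nindex, dsize = struct.unpack(">II", intro[8:16])  # entry count, data bytes
    size = 16 + 16 * nindex + dsize
    size += -size % 8
    if off + size > len(buf):
        raise ValueError("truncated header")
    return size

def rip_sighdr(rpm: bytes) -> bytes:
    """Copy the embedded signature header out, i.e. detach it."""
    return rpm[LEAD_SIZE:LEAD_SIZE + hdr_size(rpm, LEAD_SIZE)]

def splice_sighdr(rpm: bytes, sighdr: bytes) -> bytes:
    """Replace the embedded signature header with a previously detached one."""
    if hdr_size(sighdr) != len(sighdr):
        raise ValueError("not exactly one signature header")
    old = hdr_size(rpm, LEAD_SIZE)
    return rpm[:LEAD_SIZE] + sighdr + rpm[LEAD_SIZE + old:]

def make_sample(sig: bytes) -> bytes:
    """Constructed RPM-shaped bytes: lead, one-entry signature header, body."""
    lead = b"\xed\xab\xee\xdb".ljust(LEAD_SIZE, b"\0")
    # Constructed index entry: tag, type (binary), data offset, byte count
    entry = struct.pack(">IIII", 1002, 7, 0, len(sig))
    hdr = HDR_MAGIC + b"\0" * 4 + struct.pack(">II", 1, len(sig)) + entry + sig
    hdr += b"\0" * (-len(hdr) % 8)
    return lead + hdr + b"MAIN-HEADER-AND-PAYLOAD (constructed)"

# Two signed copies of the same package differ only in the signature header.
copy_a = make_sample(b"placeholder signature from key A")
copy_b = make_sample(b"placeholder from key B, other length")
detached_a = rip_sighdr(copy_a)   # store this instead of keeping all of copy_a
restored = splice_sighdr(copy_b, detached_a)
```

Keeping `detached_a` alongside a single stored copy is enough to rebuild the key-A copy byte for byte, which is why the redundant full copies are unnecessary.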