Re: [arch-general] Combining package deltas and signing?
On 31/12/12 05:26, Magnus Therning wrote: > On Fri, Dec 28, 2012 at 10:54:14PM -0500, Sébastien Leblanc wrote: >> I believe signatures are checked after packages are rebuilt from >> deltas. Therefore, if your delta is compromised, the resulting >> package won't validate with the signature. > > Excellent. I also notice you use the word "deltas", plural, which > leads me to the next question :) > > Will deltas be combined by pacman, or will only ever a single delta be > used? > They can be combined. pacman does a calculation to see whether the delta chain is worth it.
Re: [arch-general] Combining package deltas and signing?
On Fri, Dec 28, 2012 at 10:54:14PM -0500, Sébastien Leblanc wrote: > I believe signatures are checked after packages are rebuilt from > deltas. Therefore, if your delta is compromised, the resulting > package won't validate with the signature. Excellent. I also notice you use the word "deltas", plural, which leads me to the next question :) Will deltas be combined by pacman, or will only ever a single delta be used? /M -- Magnus Therning OpenPGP: 0xAB4DFBA4 email: mag...@therning.org jabber: mag...@therning.org twitter: magthe http://therning.org/magnus Most software today is very much like an Egyptian pyramid with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves. -- Alan Kay pgpVel4Hs1wcY.pgp Description: PGP signature
Re: [arch-general] Combining package deltas and signing?
I believe signatures are checked after packages are rebuilt from deltas. Therefore, if your delta is compromised, the resulting package won't validate with the signature. On 28 December 2012 11:40, Magnus Therning wrote: > On Fri, Dec 28, 2012 at 10:31 AM, Allan McRae wrote: >> On 28/12/12 05:27, Magnus Therning wrote: >>> Do these two features play nice together? >>> >> >> Why wouldn't they? > > No reason beyond that it requires extra code in pacman to make it > work. It could be a thing that's easily overlooked. > > /M > > -- > Magnus Therning OpenPGP: 0xAB4DFBA4 > email: mag...@therning.org jabber: mag...@therning.org > twitter: magthe http://therning.org/magnus -- Sébastien Leblanc
Re: [arch-general] Combining package deltas and signing?
On Fri, Dec 28, 2012 at 10:31 AM, Allan McRae wrote: > On 28/12/12 05:27, Magnus Therning wrote: >> Do these two features play nice together? >> > > Why wouldn't they? No reason beyond that it requires extra code in pacman to make it work. It could be a thing that's easily overlooked. /M -- Magnus Therning OpenPGP: 0xAB4DFBA4 email: mag...@therning.org jabber: mag...@therning.org twitter: magthe http://therning.org/magnus
Re: [arch-general] Combining package deltas and signing?
On 28/12/12 05:27, Magnus Therning wrote: > Do these two features play nice together? > Why wouldn't they?
[arch-general] Combining package deltas and signing?
Do these two features play nice together? /M -- Magnus Therning OpenPGP: 0xAB4DFBA4 email: mag...@therning.org jabber: mag...@therning.org twitter: magthe http://therning.org/magnus