29 Dec
2012
29 Dec
'12
3:54 a.m.
I believe signatures are checked after packages are rebuilt from deltas. Therefore, if your delta is compromised, the resulting package won't validate with the signature. On 28 December 2012 11:40, Magnus Therning <magnus@therning.org> wrote:
On Fri, Dec 28, 2012 at 10:31 AM, Allan McRae <allan@archlinux.org> wrote:
On 28/12/12 05:27, Magnus Therning wrote:
Do these two features play nice together?
Why wouldn't they?
No reason beyond that it requires extra code in pacman to make it work. It could be a thing that's easily overlooked.
/M
-- Magnus Therning OpenPGP: 0xAB4DFBA4 email: magnus@therning.org jabber: magnus@therning.org twitter: magthe http://therning.org/magnus
-- Sébastien Leblanc