I believe signatures are checked after packages are rebuilt from deltas. Therefore, if your delta is compromised, the resulting package won't validate with the signature.
On 28 December 2012 11:40, Magnus Therning email@example.com wrote:
On Fri, Dec 28, 2012 at 10:31 AM, Allan McRae firstname.lastname@example.org wrote:
On 28/12/12 05:27, Magnus Therning wrote:
Do these two features play nice together?
Why wouldn't they?
No reason beyond that it requires extra code in pacman to make it work. It could be a thing that's easily overlooked.
-- Magnus Therning OpenPGP: 0xAB4DFBA4 email: email@example.com jabber: firstname.lastname@example.org twitter: magthe http://therning.org/magnus