[arch-general] Combining package deltas and signing?

Sébastien Leblanc leblancsebas at gmail.com
Fri Dec 28 22:54:14 EST 2012


I believe signatures are checked after packages are rebuilt from
deltas. Therefore, if your delta is compromised, the resulting package
won't validate with the signature.

On 28 December 2012 11:40, Magnus Therning <magnus at therning.org> wrote:
> On Fri, Dec 28, 2012 at 10:31 AM, Allan McRae <allan at archlinux.org> wrote:
>> On 28/12/12 05:27, Magnus Therning wrote:
>>> Do these two features play nice together?
>>>
>>
>> Why wouldn't they?
>
> No reason beyond that it requires extra code in pacman to make it
> work.  It could be a thing that's easily overlooked.
>
> /M
>
> --
> Magnus Therning                      OpenPGP: 0xAB4DFBA4
> email: magnus at therning.org   jabber: magnus at therning.org
> twitter: magthe               http://therning.org/magnus



-- 
Sébastien Leblanc


More information about the arch-general mailing list