[arch-general] Combining package deltas and signing?
Sébastien Leblanc
leblancsebas at gmail.com
Fri Dec 28 22:54:14 EST 2012
I believe signatures are checked after packages are rebuilt from
deltas. Therefore, if your delta is compromised, the resulting package
won't validate with the signature.
On 28 December 2012 11:40, Magnus Therning <magnus at therning.org> wrote:
> On Fri, Dec 28, 2012 at 10:31 AM, Allan McRae <allan at archlinux.org> wrote:
>> On 28/12/12 05:27, Magnus Therning wrote:
>>> Do these two features play nice together?
>>>
>>
>> Why wouldn't they?
>
> No reason beyond that it requires extra code in pacman to make it
> work. It could be a thing that's easily overlooked.
>
> /M
>
> --
> Magnus Therning OpenPGP: 0xAB4DFBA4
> email: magnus at therning.org jabber: magnus at therning.org
> twitter: magthe http://therning.org/magnus
--
Sébastien Leblanc
More information about the arch-general
mailing list