[arch-general] Combining package deltas and signing?
Magnus Therning
magnus at therning.org
Sun Dec 30 14:26:04 EST 2012
On Fri, Dec 28, 2012 at 10:54:14PM -0500, Sébastien Leblanc wrote:
> I believe signatures are checked after packages are rebuilt from
> deltas. Therefore, if your delta is compromised, the resulting
> package won't validate with the signature.
Excellent. I also notice you use the word "deltas", plural, which
leads me to the next question :)
Will deltas be combined by pacman, or will only ever a single delta be
used?
/M
--
Magnus Therning OpenPGP: 0xAB4DFBA4
email: magnus at therning.org jabber: magnus at therning.org
twitter: magthe http://therning.org/magnus
Most software today is very much like an Egyptian pyramid with
millions of bricks piled on top of each other, with no structural
integrity, but just done by brute force and thousands of slaves.
-- Alan Kay
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 230 bytes
Desc: not available
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20121230/c282714c/attachment-0001.asc>
More information about the arch-general
mailing list