On 5/31/19 6:57 AM, Martin Kolman wrote:
I guess we can't just switch what the signature refers to as there are other
tools
that do this kind of verification on the compressed data, not just delta-RPM,
right ?
So maybe, could we attach a second signature computed on the uncompressed
payload ?
Delta-RPM could then use that to verify the reconstructed package & would be
crazy fast,
as the slow XZ compression will no longer be needed to be performed client-side
to verify
the signature.
It's not deltarpm that needs the signature. It just puts the package
together. It's rpm that checks the signature.
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
